Compliance
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,160
On Slideshare
1,147
From Embeds
13
Number of Embeds
2

Actions

Shares
Downloads
22
Comments
0
Likes
0

Embeds 13

http://www.netbr.com.br 12
http://netbr.com.br 1

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Compliance
  • 2. Quest Compliance Suite
    for Exchange
    for File Access
    for SharePoint *
    • Visibility to an expected configuration state (server hardening document)
    • 3. Visibility to an expected operational policy (user provisioning process)
    • 4. Visibility of end user access (permissions)
    • 5. Forensic analysis to determine who, what, when and how the deviation occurred from the assess phase
    • 6. Notify of any changes to the expected state
    • 7. Preventative controls to address the deviation from ever occurring in the first place
    • 8. Address issue immediately
    • 9. Document that the deviation is an exception and therefore authorized
  • Quest ActiveRoles Server
    Practical Provisioning, Management, and Security for Active Directory, AD LDS and Beyond
  • 10. Introducing ActiveRoles Server
    Practical Provisioning, Management, and Security for Active Directory, AD LDS and Beyond
    ActiveRoles Server offers a practical approach to automated Active Directoryuser provisioning and administration, for maximum security and efficiency
  • 11. Key Features
    Provisioning
    End-to-End User and Group Lifecycle Management
    Automatic User and Group Provisioning and Deprovisioning
    Management
    Unified Active Directory and Active Directory Lightweight Directory Services (AD LDS – formerly ADAM) Management
    Automated group management
    Interfaces for Day-to-Day administrators, Help Desk, and end user self-service
    ADSI and PowerShell support for extensibility
    Security
    Controlled Administration through Roles and Rules for a true least privilege model
    Approval Workflow for Change Control
    Centralized Auditing & Reporting
    Add-on Applications
    Quickly and easily connect to existing HR/ERP system or ILM 2007 (MIIS) to provision and synchronize Active Directory
    Simplified Exchange Resource Forest Management – from a single console
    Protection for critical DNS Services
    Compliant & Secure Access Management through Group Membership Self-Service
  • 12. ActiveRoles Server
    Provisioning
  • 13. Identity Lifecycle Management
    • Access to Applications Granted
    • 14. Accounts in Connected Systems Created
    • 15. E-mail notifications
    New User is Provisioned (Hire)
    • User Account Creation
    • 16. Mailbox and Home Folders Creation
    • 17. Group and Distribution List Memberships
    Identity Administration
    • Information updates
    • 18. Group and Distribution List Membership Changes
    • 19. Self-service
    Deprovision (Retire)
    • Employment Status Changes
    • 20. Disable Accounts
    • 21. Disable Access to Resources
    • 22. Assign Entitlements to others
    Reprovisioning (Promotion)
    • Promotions or Transfers
    • 23. Project Assignments
    • 24. Information updates
  • Automated User andGroup Provisioning
    Create User
  • 25. ActiveRoles Server
    Management
  • 26. Efficient Group Management
    Efficiency
    Extensive Group Management functionality saves Time, makes administrators more efficient, reduces errors and accuracy ensured by application of consistent policies
    Improves Administrator efficiency while reducing mistakes and security concerns.
    Exclude criteria provides separation of duties capability
    Group Membership Rules
    Automatically add users to groups based on a common set of policy rules.
    Dynamic Groups and Group Families
    Automatically add or remove users to groups according to a set of query based criteria - Bulk creation and population of groups
  • 27. Web Based Day-to-Day Adminand Help Desk Web Consoles
    Simplifies day-to-day tasks and reduces administrative costs
    Provides alternate console for managing Active Directory
    Configurable with Point-and-click simplicity to meet customer needs
    Complete management of user, group, computer, and Microsoft Exchange
    Built with the latest ASP.NET technology
  • 28. Empower UsersThrough Self-Service
    • Off-load personal information management with Self-Service
    Decreases help desk calls and IT time
    Exchange GAL more accurate (info updated more easily/often)
    Allow employees to determine what personal info is published
    • Users can modifying their own personal data through a easy to use Self-Service web interface, allowing IT to oversee but not perform these time consuming tasks
  • Extensibility
    ADSI Scripting
    Provides support for an Active Directory Service Interfaces (ADSI) that is subject to Rule, Roles and Reporting
    SDK included
  • 29. ARS Mgmt Shell for AD
    • What is PowerShell?
    New command line interface from Microsoft
    More “Unix” like usage
    The foundation of Exchange 2007
    • Why is PowerShell Important for ActiveRoles?
    Provides a command line for ActiveRoles Server
    Simplifies bulk operations
    Commands work with or without ActiveRoles Server, but maximum benefit only comes with ActiveRoles ownership
    ActiveRoles (at Microsoft’s request) is the first and only product to provide PowerShell commands for Active Directory
    Commands are subject to Rules, Roles and Approvals
    Microsoft
    PowerShell
  • 30. Controlled Administrationwith Roles and Rules
    Provides administrative layer between users and Active Directory, for strict enforcement of operating policies and to eliminate unregulated access - Enforces “Least Privilege” Model
    Allows for centralized auditing and reporting of directory-related changes
    Simplifies the process of delegating rights by abstracting the required delegation into roles (or templates) that can be quickly deployed and easily maintained
    Controls the administrative rights that individual accounts and groups get in Active Directory through role-based delegation
    Provides full reporting and import/export capabilities
    Provides multi-forest support
  • 31. Roles Based Delegation
    Sr. Administrator
    Exchange Admins
    OU Admins / Help Desk
    Application / Data Owners
    End user Self-Service
    Day-to-Day Admin
    Active Directory
    Full Control
    Computers
    Domain Controllers
    AD Architect
    Mailbox Admin
    Create Mailbox,
    Move Mailbox
    APAC
    EMEA
    North America
    Service Desk
    New York
    Create Users/Groups Create Groups
    Reset Passwords, Unlock Accounts
    Mexico City
    Self-Service
    AD LDS
    Update personal Information
    Request Changes
    ADAM Objects
    App/Data Owners
    DNS Servers
    Change Group Membership
    DNS Records
    Job Function
    Roles
    Access
  • 32. Prevent Un-wanted Changewith Approval Workflow
    Management
    Solution
    Remediation -
    Deprovision
    Groups
    Applicationor
    Data Owner
    ApprovalWorkflow
    + -
    Manage GroupMembership
    Or Review
    Owner
    Attestation
    Review
    Assistants
    IT Oversight
    VerificationReports
    IT Administrator
    Provides segregation of duties and tracking of request and responses to help with security and compliance
  • 33. Centralized Reportingand Change History
    Operations Tracking
    On-line Administrator Activity Tracking
    Compliance Checking
  • 34. QuestIntrust
    SIEM &
    AD , File and Exchange Protection
  • 35. What if you could…
    Obtain real-time, detailed tracking of all changes to Active Directory (AD) and Group Policy settings?
    Take corrective actions for undesired changes in AD and ADAM, eliminating downtime and security breaches caused by accidental deletions or modifications?
    Be notified in real-time when critical events and changes are detected in AD, ensuring your awareness of possible security violations and destructive changes?
    Ensure adherence to compliance regulations and internal policies by tracking all activity in your Active Directory environment?
    Protect Active Directory by preventing changes to the most critical Active Directory objects, down to the attribute level including Group Policy Object settings?
  • 36. InTrustArchitecture Overview
    InTrust
    Server
    Reports
    Real-Time
    Store
    SQL Server SRS
    Quest Knowledge Portal
    InTrust Repository
    • Compressed, long-term storage
    • 37. Correlated Reporting
    • 38. Real-time Monitoring (Alerts)
    • 39. Automated log collection
    • 40. Ensures Log Integrity
  • Sample InTrustReportAudit Collection Services
  • 41. Configure File Access Auditfrom a Central Location
    23
    • Agents and reports can be deployed and configured from a single location
    • 42. Admins can manage all agent activity from a single console
  • Configure File Access Auditfrom a Central Location
    24
    With the Lockdown feature you have the option to allow access to all users or specific accounts only
  • 43. Sample reports with drill-down functionality which enablesyou to find exactly what you are looking for
    All file access activity performed by that user
    All recently deleted files and by user
  • 44. More sample reports…
    Drill down information from file highlighted in red showing all modification to that file and by whom
  • 45. QuestReporter
    Baseline,
    Compliance and Configuratiion
  • 46. What if you could…
    Audit administrative rights on your domains, workstations and servers?
    Ensure that privileges that are granted are in conformance with your formal security policies?
    Provide configuration reports quickly with the most current information?
    Have the capability to take action on violations to security policies?
    Know what changes have taken place to objects in the directory?
    Satisfy the needs of different data consumers in your organization?
  • 47. Here’s how it works
  • 48. User Properties Report
  • 49. NTFS Security Report
  • 50. Quest Compliance Suite
    for Exchange
    for File Access
    for SharePoint *
    • Visibility to an expected configuration state (server hardening document)
    • 51. Visibility to an expected operational policy (user provisioning process)
    • 52. Visibility of end user access (permissions)
    • 53. Forensic analysis to determine who, what, when and how the deviation occurred from the assess phase
    • 54. Notify of any changes to the expected state
    • 55. Preventative controls to address the deviation from ever occurring in the first place
    • 56. Address issue immediately
    • 57. Document that the deviation is an exception and therefore authorized