NetIQ, profile picture
Uploaded byNetIQ
PPTX, PDF1,603 views

Scrubbing Your Active Directory Squeaky Clean

The document discusses the importance of cleaning up Active Directory environments to mitigate risks associated with inactive and unmanaged accounts, emphasizing the need for automated cleanup processes to enhance security and compliance. It highlights challenges faced by organizations in managing user accounts and the necessity of effective user lifecycle management as well as self-service options for users. Additionally, it notes the significance of adhering to regulatory standards and improving user empowerment through self-service password management.

Embed presentation

Downloaded 20 times
Scrubbing your Active Directory Squeaky Clean! Chris Radband Senior Solutions Consultant
Lets talk about… • Cleaning up your Active Directory • What’s happening in your environment today • Controlling changes in your environment  eg. user lifecycle management • Empowering the user with self-service 32 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
Active Directory clean-up
Active Directory Environmental Clean-up Challenges of an unmanaged Active Directory Estate • Inactive Users • Disabled Users • Locked out users • Expired Users • Passwords never set to expire • Security Groups with no members • Nested Security Groups • Stale Computer Accounts • Mixed-Naming conventions • Reducing the number of Power Users These illustrate just a few common Security risks, Performance impacts and contributors to Audit failures seen in many environments of all sorts of sizes 44 | © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
How do you deal with Clean-up today? Scripted and manual clean-up tasks are labour intensive, limited in functionality, inaccurate and often at worst can have all sorts of unexpected results! *Source: http://www.codeproject.com/Articles/18621/VBScript-to-Disable-Old-Accounts-in-Active-Directo 55 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
Automated Clean-up of Inactive Accounts 66 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
Automated Clean-up of Inactive Accounts Discovery: Process runs to determine which accounts are inactive 67 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
Automated Clean-up of Inactive Accounts Discovery: Process runs to determine which accounts are inactive Action: Request administrator or manager approval to disable account 68 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
Automated Clean-up of Inactive Accounts Discovery: Process runs to determine which accounts are inactive Action: Request administrator or manager approval to disable account Remediation: Account is disabled and therefore secured 69 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
What are today’s challenges, right now?
Regulatory & Oversight Pressures Internal Audit Board of Directors – Oversight Groups 11 © 2011 NetIQ Corporation. All rights reserved.
Worst case scenario… http://www.flickr.com/photos/teegardin/6093810333/in/photostream/ 12 © 2011 NetIQ Corporation. All rights reserved.
Increasing audit and compliance requirements …not to mention good-practice! • • Identify Change when it happens • Catalogue managed and unmanaged changes • Detect high-profile changes • Provides detailed AD/GPO change history • Centrally record and audit AD/GPO changes • Easily integrates into your existing AD change process • © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved. Satisfying audit requirements/achieving compliance with regulations such as ISO 27001/2, Sarbanes-Oxley and PCI DSS • 7 13 Minimises the risk associated with Operational changes Feeding events backup to your Monitoring Infrastructure
14 © 2011 NetIQ Corporation. All rights reserved.
Monitor for unmanaged GPO Changes 8 15 | © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
Be proactive: GPO change: Email report sent to administrators 9 16 | © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
Regaining Control…
Managing Privileged/Non-privileged Users • Why is it important? • The granular the better but no added complexity • Something which defines: - - - WHO– who are we delegating control to (for Active Directory). WHAT – what functionality/permissions are we delegating to the individual(s) WHERE – which objects are we allowing these individuals to execute their permissions on (most likely contain multiple objects). • Capable of managing an enterprise environment • Report on delegation • Controlled way to make changes to environment 11 18 | © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
Just in Time Automated Access 12 19 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
Just in Time Automated Access 12 20 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
Just in Time Automated Access 12 21 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
Just in Time Automated Access 12 22 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
User Provisioning, User De-provisioning, User Re-provisioning • Reducing the human element • Increasing Security & compliance • Does it increase consistency? • Is it truly efficient and does it save time? • Does the process work for your business today? • Can it accommodate the changes of tomorrow? 13 23 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
Empowering the User…
Password Management • It may seem straightforward to us but the statistics are scary! – – 65% – 82% – 25 64% 76% © 2011 NetIQ Corporation. All rights reserved.
Password Management • It may seem straightforward to us but the statistics are scary! – – 65% – 82% – 26 64% - end users that write passwords down 76% © 2011 NetIQ Corporation. All rights reserved.
Password Management • It may seem straightforward to us but the statistics are scary! – – 65% - use the same password for multiple accounts – 82% – 27 64% - end users that write passwords down 76% © 2011 NetIQ Corporation. All rights reserved.
Password Management • It may seem straightforward to us but the statistics are scary! – – 65% - use the same password for multiple accounts – 82% - have forgotten a password – 28 64% - end users that write passwords down 76% © 2011 NetIQ Corporation. All rights reserved.
Password Management • It may seem straightforward to us but the statistics are scary! – – 65% - use the same password for multiple accounts – 82% - have forgotten a password – 29 64% - end users that write passwords down 76% - intrusions exploit weak or stolen credentials © 2011 NetIQ Corporation. All rights reserved.
Password Management • It may seem straightforward to us but the statistics are scary! – – 65% - use the same password for multiple accounts – 82% - have forgotten a password – • 64% - end users that write passwords down 76% - intrusions exploit weak or stolen credentials Instead, provide the user ability to reset password anytime and anyplace (at work, home, or on the road) – Increased productivity – lower TCO – – – Helpdesk freed to perform higher value tasks Users don’t have to wait for their password to be reset Increased security – – Challenge questions provide higher security than phone based user validation – 30 Users less likely to write password down on paper Password rules enable consistent enforcement of password policy © 2011 NetIQ Corporation. All rights reserved.
Self Service Administration Empowering the Business User More than just Self Service Password Reset... • Further Frees up IT Resources • Giving the business users an On-Demand Service • Controlled way to deal with User Request • Being able to provide a timely response • Requesting access to resources • Mailbox Size Quota Increase Request • Group membership change request 14 31 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
NetIQ Solutions • Directory and Resource Administrator • Aegis • Group Policy Administrator • Change Guardian for Active Directory • Self-Service Password Reset See NetIQ.com/Products 16 32 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
Demo
www.netiq.com

More Related Content

PPTX
Building A Cloud-Ready Security Program
byNetIQ
 
PPTX
Advanced Persistent Threat - Evaluating Effective Responses
byNetIQ
 
PPTX
A Smarter, More Secure Internet of Things
byNetIQ
 
PPTX
Leveraging Identity to Manage Change and Complexity
byNetIQ
 
PPTX
From reactive to automated reducing costs through mature security processes i...
byNetIQ
 
PPTX
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
bycentralohioissa
 
PPTX
SANS Critical Security Controls Summit London 2013
byWolfgang Kandek
 
PDF
Ruben Melendez - Economically Justifying IT Security Initiatives
bycentralohioissa
 
Building A Cloud-Ready Security Program
byNetIQ
 
Advanced Persistent Threat - Evaluating Effective Responses
byNetIQ
 
A Smarter, More Secure Internet of Things
byNetIQ
 
Leveraging Identity to Manage Change and Complexity
byNetIQ
 
From reactive to automated reducing costs through mature security processes i...
byNetIQ
 
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
bycentralohioissa
 
SANS Critical Security Controls Summit London 2013
byWolfgang Kandek
 
Ruben Melendez - Economically Justifying IT Security Initiatives
bycentralohioissa
 

What's hot

PPTX
Helen Patton - Cross-Industry Collaboration
bycentralohioissa
 
PDF
Why Executives Underinvest In Cybersecurity
byHackerOne
 
PPSX
William Diederich - Security Certifications: Are They Worth the Investment? A...
bycentralohioissa
 
PDF
MT 117 Key Innovations in Cybersecurity
byDell EMC World
 
PDF
MT74 - Is Your Tech Support Keeping Up with Your Instr Tech
byDell EMC World
 
PPTX
Tripwire Energy Working Group: Keynote w/Patrick Miller
byTripwire
 
PDF
Security in the News
byJames Sutter
 
PPTX
Two Peas in a Pod: Cloud Security and Mobile Security
byOmar Khawaja
 
PPTX
2015 KSU So You Want To Be in Cyber Security
byPhil Agcaoili
 
PPTX
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
bycentralohioissa
 
PPTX
Advanced threat protection and big data
byPeter Wood
 
PPTX
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
bycentralohioissa
 
PDF
RSA ASIA 2014 - Internet of Things
byWolfgang Kandek
 
PPTX
Tripwire Energy Working Group: TIV Demo
byTripwire
 
PDF
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
bycentralohioissa
 
PPTX
Lisa Guess - Embracing the Cloud
bycentralohioissa
 
PPTX
The Internet of Everything is Here
byLancope, Inc.
 
PPTX
CSA Atlanta and Metro Atlanta ISSA Chapter Meeting May 2014 - Key Threats to ...
byPhil Agcaoili
 
PPTX
Regulations in IoT - Innovation Stifle or Urgent Need
byRajesh Chitharanjan
 
PDF
Mobile Security
byJames Sutter
 
Helen Patton - Cross-Industry Collaboration
bycentralohioissa
 
Why Executives Underinvest In Cybersecurity
byHackerOne
 
William Diederich - Security Certifications: Are They Worth the Investment? A...
bycentralohioissa
 
MT 117 Key Innovations in Cybersecurity
byDell EMC World
 
MT74 - Is Your Tech Support Keeping Up with Your Instr Tech
byDell EMC World
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
byTripwire
 
Security in the News
byJames Sutter
 
Two Peas in a Pod: Cloud Security and Mobile Security
byOmar Khawaja
 
2015 KSU So You Want To Be in Cyber Security
byPhil Agcaoili
 
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
bycentralohioissa
 
Advanced threat protection and big data
byPeter Wood
 
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
bycentralohioissa
 
RSA ASIA 2014 - Internet of Things
byWolfgang Kandek
 
Tripwire Energy Working Group: TIV Demo
byTripwire
 
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
bycentralohioissa
 
Lisa Guess - Embracing the Cloud
bycentralohioissa
 
The Internet of Everything is Here
byLancope, Inc.
 
CSA Atlanta and Metro Atlanta ISSA Chapter Meeting May 2014 - Key Threats to ...
byPhil Agcaoili
 
Regulations in IoT - Innovation Stifle or Urgent Need
byRajesh Chitharanjan
 
Mobile Security
byJames Sutter
 

Viewers also liked

PDF
NetIQ Disaster Recovery ebook
bypamolson
 
PDF
Risk assessment system inside NetIQ. NCU development
byNCU Ltd
 
PDF
NetIQ sessie Boudewijn van Lith
byvdhendrikse
 
PPTX
Plate spin migration and transformation prsesentation upload
byApurva Shah
 
PPTX
Are You Being Anti-Social
byNetIQ
 
PPTX
Bring Your Own Identity
byNetIQ
 
PPTX
BrainShare 2014
byNetIQ
 
PDF
Remote desktop connection
byJasleen Kaur (Chandigarh University)
 
PPT
Identity, Security and Healthcare
byNetIQ
 
PPT
Remote Access
byzaisahil
 
PPTX
What is active directory
byAdeel Khurram
 
PPTX
Remote access service
byApoorw Pandey
 
PPTX
Update Your Disaster Recovery Plans with Virtualization
byJason Dea
 
PPTX
3 g and 4g final ppt
byjitendra k Singh
 
PDF
Big Payoffs With BYOD and Mobility
byNetIQ
 
PDF
#MFSummit2016 Secure: Mind the gap strengthening the information security model
byMicro Focus
 
PPT
Building an Effective Identity Management Strategy
byNetIQ
 
PPT
Active Directory
bySandeep Kapadane
 
NetIQ Disaster Recovery ebook
bypamolson
 
Risk assessment system inside NetIQ. NCU development
byNCU Ltd
 
NetIQ sessie Boudewijn van Lith
byvdhendrikse
 
Plate spin migration and transformation prsesentation upload
byApurva Shah
 
Are You Being Anti-Social
byNetIQ
 
Bring Your Own Identity
byNetIQ
 
BrainShare 2014
byNetIQ
 
Remote desktop connection
byJasleen Kaur (Chandigarh University)
 
Identity, Security and Healthcare
byNetIQ
 
Remote Access
byzaisahil
 
What is active directory
byAdeel Khurram
 
Remote access service
byApoorw Pandey
 
Update Your Disaster Recovery Plans with Virtualization
byJason Dea
 
3 g and 4g final ppt
byjitendra k Singh
 
Big Payoffs With BYOD and Mobility
byNetIQ
 
#MFSummit2016 Secure: Mind the gap strengthening the information security model
byMicro Focus
 
Building an Effective Identity Management Strategy
byNetIQ
 
Active Directory
bySandeep Kapadane
 

Similar to Scrubbing Your Active Directory Squeaky Clean

PDF
Challenges of Active Directory User Management
byNetIQ
 
PDF
Active directoryaccountprovisioningwp
bywardell henley
 
PPTX
Risk management of privileged users 2
byKen Willén
 
PPTX
Identity Management
byVenkatesh Jambulingam
 
PPTX
Co p
byAllyn McGillicuddy
 
PDF
Security Breaches from Compromised User Logins
byIS Decisions
 
PDF
Co p
byAllyn McGillicuddy
 
PPTX
501 ch 2 understanding iam
bygocybersec
 
PPTX
Jagatjyoti dash
byJagatjyoti Dash
 
PPTX
The Future of integrated Identity and Access Management
byZoho Corporation
 
PDF
IAM: Getting the basics right
byDavid Doret
 
PDF
Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?
byBeyondTrust
 
PDF
Business Impact of Identity Management In Information Technology
byInternational Journal of Modern Research in Engineering and Technology
 
PDF
The Business Case for Account Lockout Management
byNetwrix Corporation
 
PPTX
Proven Practices to Protect Critical Data - DarkReading VTS Deck
byNetIQ
 
PDF
What's New in Novell Identity Manager 4.0
byNovell
 
PDF
The 2016 Guide to IT Identity Management
byJumpCloud
 
PDF
The hacker playbook: How to think and act like a cybercriminal to reduce risk...
byPaula Januszkiewicz
 
PDF
Security and the Service Desk
byNorthCoastHDI
 
PPTX
PACE-IT, Security + 5.3: Security Controls for Account Management
byPace IT at Edmonds Community College
 
Challenges of Active Directory User Management
byNetIQ
 
Active directoryaccountprovisioningwp
bywardell henley
 
Risk management of privileged users 2
byKen Willén
 
Identity Management
byVenkatesh Jambulingam
 
Co p
byAllyn McGillicuddy
 
Security Breaches from Compromised User Logins
byIS Decisions
 
Co p
byAllyn McGillicuddy
 
501 ch 2 understanding iam
bygocybersec
 
Jagatjyoti dash
byJagatjyoti Dash
 
The Future of integrated Identity and Access Management
byZoho Corporation
 
IAM: Getting the basics right
byDavid Doret
 
Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?
byBeyondTrust
 
Business Impact of Identity Management In Information Technology
byInternational Journal of Modern Research in Engineering and Technology
 
The Business Case for Account Lockout Management
byNetwrix Corporation
 
Proven Practices to Protect Critical Data - DarkReading VTS Deck
byNetIQ
 
What's New in Novell Identity Manager 4.0
byNovell
 
The 2016 Guide to IT Identity Management
byJumpCloud
 
The hacker playbook: How to think and act like a cybercriminal to reduce risk...
byPaula Januszkiewicz
 
Security and the Service Desk
byNorthCoastHDI
 
PACE-IT, Security + 5.3: Security Controls for Account Management
byPace IT at Edmonds Community College
 

More from NetIQ

PDF
Open Enterprise Server With Windows
byNetIQ
 
PDF
Mobile Apps in Your Business
byNetIQ
 
PDF
NetIQ Directory & Resource Administrator Helps Kindred Healthcare Achieve Com...
byNetIQ
 
PDF
Paraca Inc.
byNetIQ
 
PDF
The University of Westminster Saves Time and Money with Identity Manager
byNetIQ
 
PDF
The London School of Hygiene & Tropical Medicine Accelerates and Streamlines ...
byNetIQ
 
PDF
Swisscard Saves Time and Effort in Managing User Access
byNetIQ
 
PDF
Vodacom Tightens Security with Identity Manager from NetIQ
byNetIQ
 
PDF
University of Dayton Ensures Compliance with Sentinel Log Manager
byNetIQ
 
PDF
Nippon Light Metal Forges a Disaster Recovery Solution with NetIQ
byNetIQ
 
PDF
Nexus Differentiates Itself and Grows Its Capabilities with Operations Center
byNetIQ
 
PDF
Netiq css huntington_bank
byNetIQ
 
PDF
Professional Services Company Boosts Security, Facilitates Compliance, Automa...
byNetIQ
 
PDF
NetIQ Identity Manager Unites Hanshan Normal University
byNetIQ
 
PDF
Handelsbanken Takes Control of Identity Management with NetIQ
byNetIQ
 
PDF
Millions of People Depend on Datang Xianyi Technology and NetIQ
byNetIQ
 
PDF
bluesource Uses NetIQ AppManager to Offer Standout Managed Service
byNetIQ
 
PDF
Central Denmark Region Strengthens Administrative Security with Identity Mana...
byNetIQ
 
PDF
Cloud Identity
byNetIQ
 
PDF
2014 Cyberthreat Defense Report
byNetIQ
 
Open Enterprise Server With Windows
byNetIQ
 
Mobile Apps in Your Business
byNetIQ
 
NetIQ Directory & Resource Administrator Helps Kindred Healthcare Achieve Com...
byNetIQ
 
Paraca Inc.
byNetIQ
 
The University of Westminster Saves Time and Money with Identity Manager
byNetIQ
 
The London School of Hygiene & Tropical Medicine Accelerates and Streamlines ...
byNetIQ
 
Swisscard Saves Time and Effort in Managing User Access
byNetIQ
 
Vodacom Tightens Security with Identity Manager from NetIQ
byNetIQ
 
University of Dayton Ensures Compliance with Sentinel Log Manager
byNetIQ
 
Nippon Light Metal Forges a Disaster Recovery Solution with NetIQ
byNetIQ
 
Nexus Differentiates Itself and Grows Its Capabilities with Operations Center
byNetIQ
 
Netiq css huntington_bank
byNetIQ
 
Professional Services Company Boosts Security, Facilitates Compliance, Automa...
byNetIQ
 
NetIQ Identity Manager Unites Hanshan Normal University
byNetIQ
 
Handelsbanken Takes Control of Identity Management with NetIQ
byNetIQ
 
Millions of People Depend on Datang Xianyi Technology and NetIQ
byNetIQ
 
bluesource Uses NetIQ AppManager to Offer Standout Managed Service
byNetIQ
 
Central Denmark Region Strengthens Administrative Security with Identity Mana...
byNetIQ
 
Cloud Identity
byNetIQ
 
2014 Cyberthreat Defense Report
byNetIQ
 

Recently uploaded

PDF
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
PDF
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
PDF
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Lab 4.1 Cloud IAM - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Blue Futuristic Cyber Security Presentation.pptx
byrdelosreyes538795
 
PDF
Lab 5.1 Architecture + Threat Modeling Exercise - 2nd Sight Lab Cloud Securit...
by2nd Sight Lab
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PPTX
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PDF
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
PDF
How to Evaluate a High Performance Database
byScyllaDB
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PDF
Lab 1.2 Introduction to Azure Automation - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PDF
DMVPN Tunnels to multi sites in networks
byMahboabAliGhalib
 
PDF
Lab 4.4 More Cloud Logging and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
The State of the Gen AI economy - 2025 - The Meliora Company
byClive Dickens
 
PDF
Smart Buildings 2025 Wrapped! The Rise of Outcomes-as-a-Service
byMemoori
 
PPTX
How to make Ai agents using Google Gemini AI.pptx
bypkluffy111
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Lab 4.1 Cloud IAM - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Blue Futuristic Cyber Security Presentation.pptx
byrdelosreyes538795
 
Lab 5.1 Architecture + Threat Modeling Exercise - 2nd Sight Lab Cloud Securit...
by2nd Sight Lab
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
How to Evaluate a High Performance Database
byScyllaDB
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Lab 1.2 Introduction to Azure Automation - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
DMVPN Tunnels to multi sites in networks
byMahboabAliGhalib
 
Lab 4.4 More Cloud Logging and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
The State of the Gen AI economy - 2025 - The Meliora Company
byClive Dickens
 
Smart Buildings 2025 Wrapped! The Rise of Outcomes-as-a-Service
byMemoori
 
How to make Ai agents using Google Gemini AI.pptx
bypkluffy111
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 

Scrubbing Your Active Directory Squeaky Clean

  • 1.
    Scrubbing your Active Directory SqueakyClean! Chris Radband Senior Solutions Consultant
  • 2.
    Lets talk about… •Cleaning up your Active Directory • What’s happening in your environment today • Controlling changes in your environment  eg. user lifecycle management • Empowering the user with self-service 32 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
  • 3.
  • 4.
    Active Directory EnvironmentalClean-up Challenges of an unmanaged Active Directory Estate • Inactive Users • Disabled Users • Locked out users • Expired Users • Passwords never set to expire • Security Groups with no members • Nested Security Groups • Stale Computer Accounts • Mixed-Naming conventions • Reducing the number of Power Users These illustrate just a few common Security risks, Performance impacts and contributors to Audit failures seen in many environments of all sorts of sizes 44 | © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
  • 5.
    How do youdeal with Clean-up today? Scripted and manual clean-up tasks are labour intensive, limited in functionality, inaccurate and often at worst can have all sorts of unexpected results! *Source: http://www.codeproject.com/Articles/18621/VBScript-to-Disable-Old-Accounts-in-Active-Directo 55 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
  • 6.
    Automated Clean-up ofInactive Accounts 66 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
  • 7.
    Automated Clean-up ofInactive Accounts Discovery: Process runs to determine which accounts are inactive 67 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
  • 8.
    Automated Clean-up ofInactive Accounts Discovery: Process runs to determine which accounts are inactive Action: Request administrator or manager approval to disable account 68 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
  • 9.
    Automated Clean-up ofInactive Accounts Discovery: Process runs to determine which accounts are inactive Action: Request administrator or manager approval to disable account Remediation: Account is disabled and therefore secured 69 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
  • 10.
    What are today’schallenges, right now?
  • 11.
    Regulatory & OversightPressures Internal Audit Board of Directors – Oversight Groups 11 © 2011 NetIQ Corporation. All rights reserved.
  • 12.
  • 13.
    Increasing audit andcompliance requirements …not to mention good-practice! • • Identify Change when it happens • Catalogue managed and unmanaged changes • Detect high-profile changes • Provides detailed AD/GPO change history • Centrally record and audit AD/GPO changes • Easily integrates into your existing AD change process • © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved. Satisfying audit requirements/achieving compliance with regulations such as ISO 27001/2, Sarbanes-Oxley and PCI DSS • 7 13 Minimises the risk associated with Operational changes Feeding events backup to your Monitoring Infrastructure
  • 14.
    14 © 2011 NetIQCorporation. All rights reserved.
  • 15.
    Monitor for unmanagedGPO Changes 8 15 | © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
  • 16.
    Be proactive: GPOchange: Email report sent to administrators 9 16 | © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
  • 17.
  • 18.
    Managing Privileged/Non-privileged Users • Whyis it important? • The granular the better but no added complexity • Something which defines: - - - WHO– who are we delegating control to (for Active Directory). WHAT – what functionality/permissions are we delegating to the individual(s) WHERE – which objects are we allowing these individuals to execute their permissions on (most likely contain multiple objects). • Capable of managing an enterprise environment • Report on delegation • Controlled way to make changes to environment 11 18 | © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
  • 19.
    Just in TimeAutomated Access 12 19 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
  • 20.
    Just in TimeAutomated Access 12 20 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
  • 21.
    Just in TimeAutomated Access 12 21 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
  • 22.
    Just in TimeAutomated Access 12 22 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
  • 23.
    User Provisioning, UserDe-provisioning, User Re-provisioning • Reducing the human element • Increasing Security & compliance • Does it increase consistency? • Is it truly efficient and does it save time? • Does the process work for your business today? • Can it accommodate the changes of tomorrow? 13 23 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
  • 24.
  • 25.
    Password Management • It mayseem straightforward to us but the statistics are scary! – – 65% – 82% – 25 64% 76% © 2011 NetIQ Corporation. All rights reserved.
  • 26.
    Password Management • It mayseem straightforward to us but the statistics are scary! – – 65% – 82% – 26 64% - end users that write passwords down 76% © 2011 NetIQ Corporation. All rights reserved.
  • 27.
    Password Management • It mayseem straightforward to us but the statistics are scary! – – 65% - use the same password for multiple accounts – 82% – 27 64% - end users that write passwords down 76% © 2011 NetIQ Corporation. All rights reserved.
  • 28.
    Password Management • It mayseem straightforward to us but the statistics are scary! – – 65% - use the same password for multiple accounts – 82% - have forgotten a password – 28 64% - end users that write passwords down 76% © 2011 NetIQ Corporation. All rights reserved.
  • 29.
    Password Management • It mayseem straightforward to us but the statistics are scary! – – 65% - use the same password for multiple accounts – 82% - have forgotten a password – 29 64% - end users that write passwords down 76% - intrusions exploit weak or stolen credentials © 2011 NetIQ Corporation. All rights reserved.
  • 30.
    Password Management • It mayseem straightforward to us but the statistics are scary! – – 65% - use the same password for multiple accounts – 82% - have forgotten a password – • 64% - end users that write passwords down 76% - intrusions exploit weak or stolen credentials Instead, provide the user ability to reset password anytime and anyplace (at work, home, or on the road) – Increased productivity – lower TCO – – – Helpdesk freed to perform higher value tasks Users don’t have to wait for their password to be reset Increased security – – Challenge questions provide higher security than phone based user validation – 30 Users less likely to write password down on paper Password rules enable consistent enforcement of password policy © 2011 NetIQ Corporation. All rights reserved.
  • 31.
    Self Service Administration Empoweringthe Business User More than just Self Service Password Reset... • Further Frees up IT Resources • Giving the business users an On-Demand Service • Controlled way to deal with User Request • Being able to provide a timely response • Requesting access to resources • Mailbox Size Quota Increase Request • Group membership change request 14 31 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
  • 32.
    NetIQ Solutions • Directory andResource Administrator • Aegis • Group Policy Administrator • Change Guardian for Active Directory • Self-Service Password Reset See NetIQ.com/Products 16 32 © 2011 NetIQ Corporation. All rights reserved. 2013 NetIQ Corporation. All rights reserved.
  • 33.
  • 34.