Active Directory Permissions
commissum provides an AD Permissions Audit to ensure Microsoft Active Directory security.
Many organisations moved to the Active Directory (AD) platform several years ago. They believe that if they have IP addresses, files, printing, Internet access and email, then the AD must be in order.
Indeed, it may well be functioning adequately at a basic level, but on the other hand it may not be. In either case, the AD is unlikely to be robust, and almost certainly will not be documented.
Over the course of time, assignment of permissions across your infrastructure will have become fragmented as employees change roles. In addition, separation of duties (if built in originally) may have slipped, controls may no longer be rigorous enough, and security gaps may lead to security issues
. This "permissions creep" is of particular concern where permissions may "open a back door" into your infrastructure for remote users and third-party VPN users.
To address this problem, commissum has developed an Active Directory Permissions Audit, whereby we conduct a security-driven investigation into user and administrator permissions within the directory infrastructure. This audit identifies irregular permissions and permissions that appear to be excessive or outdated.
commissum's approach is to audit membership of groups to assist in:
- Identifying users in an excessive number of groups.
- Identifying users in legacy groups.
- Identifying users in sensitive groups.
- Identifying users in administrative groups.
commissum will audit access rights on key programs, prioritising users and groups relating to third-party VPN access. This process assists in the following:
- Identification of excessive rights for executing sensitive server functions.
- Identification of excessive rights to IT support functions.
- Identification of legacy permissions.
- Production of a report on the above, which includes recommendations to address current issues, and any high-level recommendations as to future monitoring and management.
Get in touch with one of our security consultants today
- No obligation
- Expert advice
- Tailored solutions
"commissum understood exactly what we needed and delivered excellent service on time, and on budget. Why can't all companies be like them!"
Mr Duncan M, Information Security Manager - National Building Society
Fri 22 Nov, 2013 //
Tue 12 Nov, 2013 //
Fri 08 Nov, 2013 //