Active Directory Permissions
commissum provides an AD Permissions Audit to ensure Microsoft Active Directory security.
Many organisations moved to the Active Directory (AD) platform several years ago. They believe that if they have IP addresses, files, printing, Internet access and email, then the AD must be in order.
Indeed, it may well be functioning adequately at a basic level, but on the other hand it may not be. In either case, the AD is unlikely to be robust, and almost certainly will not be documented.
Over the course of time, assignment of permissions across your infrastructure will have become fragmented as employees change roles. In addition, separation of duties (if built in originally) may have slipped, controls may no longer be rigorous enough, and security gaps may lead to security issues
. This "permissions creep" is of particular concern where permissions may "open a back door" into your infrastructure for remote users and third-party VPN users.
To address this problem, commissum has developed an Active Directory Permissions Audit, whereby we conduct a security-driven investigation into user and administrator permissions within the directory infrastructure. This audit identifies irregular permissions and permissions that appear to be excessive or outdated.
Approach
commissum's approach is to audit membership of groups to assist in:
- Identifying users in an excessive number of groups.
- Identifying users in legacy groups.
- Identifying users in sensitive groups.
- Identifying users in administrative groups.
commissum will audit access rights on key programs, prioritising users and groups relating to third-party VPN access. This process assists in the following:
- Identification of excessive rights for executing sensitive server functions.
- Identification of excessive rights to IT support functions.
- Identification of legacy permissions.
- Production of a report on the above, which includes recommendations to address current issues, and any high-level recommendations as to future monitoring and management.
Get in touch with one of our security consultants today
- No obligation
- Expert advice
- Tailored solutions
"commissum understood exactly what we needed and delivered excellent service on time, and on budget. Why can't all companies be like them!"
Mr Duncan M, Information Security Manager - National Building Society
Latest News
Leading USA military contractor QinetiQ hacked and ransacked by Chinese hackers for three years
A new report from Bloomberg, the business information provider (www.bloomberg.com/news/2013-05-01/china-cyberspies-outwit-u-s-stealing-military-secrets.html) outlines how hackers from China stealthily infiltrated the computer systems of QinetiQ North America, a leading espionage and military contractor to the US government, and the US branch of the British defence technology company QinetiQ. A vast range of highly ...Wed 08 May, 2013 //
Suspected hacker arrested after “biggest-ever DDoS attack”
Police in Spain have arrested a Dutch national on suspicion of launching the largest-ever “Distributed Denial of Service” (DDoS) attack. Sven Olaf Kamphuis, 35, was arrested on April 25th near Barcelona, Spain. At the time, he was in possession of a specially-equipped van set up as a mobile computing and ...Tue 30 Apr, 2013 //
Hackers break into large cloud provider, claim to have credit card details
Some days ago, hackers gained access to computers owned by Linode, a company providing cloud services in the form of virtual Linux servers. The hackers gained access by using a “zero-day vulnerability” (a previously unsuspected security weakness) in Adobe ColdFusion, the software used in running the Linode web server. It ...Fri 26 Apr, 2013 //
