NetVision

NetVision Company Blog

A Discussion on Effective Audit of User Access

Comparative Review: Active Directory Auditing Tools

Tags: , , , , , ,

NetVision was recently featured in a Windows IT Pro product comparative review on Active Directory audit solutions. The full article is available in the September issue and on the Windows IT Pro web site under the title Comparative Review: Active Directory Auditing Tools. But, we just wanted to call out a few of our favorite quotes:

Trying to find the culprit using Event Viewer is like looking for a needle in a haystack. You need a tool that can lay out the data in a clear and concise manner—you need a good Active Directory (AD) auditing tool.

NetVision should be your first choice if you’re looking for a turnkey solution. No matter whether you want to use the physical appliance, virtual appliance, or managed service, it’s the best for hands-free AD auditing.

Overall, I was impressed with [NetVision's] product. It’s extremely robust

Each one has its own strengths and weaknesses, but the one that impressed me the most was [NetVision] NVAssess, which is why it earns the Editor’s Choice award.

Well said Windows IT Pro!

Of course, to get the details, please read the full article. And let us know if you have any questions.

Dormant Accounts

Tags: , , ,

I spend so much time thinking about the bleeding edge of access reporting that I often forget to mention the basics. In the next few posts, I’ll write about a few of those basic reporting needs  starting today with Dormant Accounts on both Microsoft Active Directory and Novell eDirectory.

These are accounts that have been dormant or unused for some period of time. The most obvious indicator of a user account being dormant is that it has not been used to authenticate in a while. You can easily see this by looking at the user object’s attributes. Obviously, a monitoring-only approach would not be able to tell you what’s NOT happening. So, to effectively report on inactivity, you need a solution that would query your network directory on your schedule. NetVision’s NVAssess does exactly that. And rather than ONLY offering a list of dormant accounts based on your criteria (30 days ? 90 days?), we have built-in ability to provide a nice chart that quickly identifies the dormant user accounts that are still enabled and therefore represent a greater security risk. And we can take that a step further.

Many of our manufacturing customers, as an example, have a significant subset of users that do not regularly authenticate. These employees don’t use computers for their day-to-day routines but occasionally need to log on to the network to access HR or other information. In these instances, we can extend our dormant account reporting to include additional logic. For example, members of a certain group or with a given attribute value can be identified separately from other employees. This makes it easy to see which dormant accounts are expected (or normal) and which may represent a higher risk profile.

NVAssess can also auto-process the dormant accounts based the your selected criteria to disable those accounts, revoke permissions, remove group memberships, and move the account to a specified OU within the directory. This makes the entire process automated and hands-off. When your executive staff or auditors run periodic reports, they’ll never find a list of still enabled dormant accounts that are in breach of your security policy.

NVAssess has been on the market for over 15 years. Dormant accounts reporting is just one drop in the bucket in terms of what it can do. Let us know if you’d like more details.

Setting up Windows and Active Directory Event Log Auditing

Tags: , , ,

There is more than meets the eye when it comes to Windows event log auditing for Active Directory or Windows file system. You can’t just “switch it on” as some might have you think. A recent NetVision white paper takes a lighthearted look at the steps involved in setting up Windows audit and event logging. It identifies some of the considerations and complexity related to Windows event log auditing. You can find the paper on our knowledge page. We invite you to take a look (quick registration required).

For an abbreviated version, take a look at our recent newsletter on this topic.

Identity Intelligence

Tags: ,

A phrase we’ve been hearing over the past six months or so when talking to industry analysts is Identity Intelligence. This is how the Identity and Access Management industry is viewing the reports and monitoring provided by software vendors  like NetVision. We don’t provide provisioning tools or SSO solutions, but our focus on access rights – Who has access to what? How did they get access? and How are they using access?  makes us a compelling addition to the enterprise Identity landscape. I’m stating it that way because many NetVision customers don’t have enterprise Identity solutions and don’t think in those terms, but for those that do, the phrase Identity Intelligencemight help put NetVision in perspective.

Here are two recent posts from Gartner’s Earl Perkins on the subject:

The Real Meaning of “Intelligence” in IAM
IAM: To Control, Observe, and Inform

Let us know if you have others to include in the discussion.

Insider Errors

Tags: , ,

In case you missed our recent webinar on Insider Errors, NetVision’s David Rowe provided an engaging overview of insider errors, how they happen and their impact.  The webinar also gave a brief overview of NetVision’s access rights reporting solutions and some Q&A.

A recording is available through our partner Sparxent, who hosted the event:
http://www.sparxent.com/Webcast_Insider_Errors.wmv

Let us know if you’d like more information.

NetApp File Monitoring

Tags: , , , ,

NetApp file monitoring is finally right around the corner.  Our solution for monitoring activity on NetApp Filers is due to officially release in the coming weeks.  We’ll have file reads, changes, creates, deletes, permission changes, etc. baked into our already successful web-based reporting console which also reports on Windows file system activity, Active Directory, Microsoft Exchange, and Novell Netware, eDirectory and NSS on OES2 (SUSE Linux) platforms.  NetApp file activity monitoring will be available through the same solution that already provides full effective rights reporting – who has access to what – across Windows and NetApp devices.  Contact us for more information!

Reporting on Delegated Admin Rights

Tags: , ,

Management of Active Directory is commonly delegated to local or departmental administrators.  This means that certain individuals are (for example) granted permission to create user accounts and manage security groups within a given area of the directory.  Microsoft provides a built-in wizard (known as the Delegation of Control Wizard) to delegate these tasks which does the work of applying all the underlying permissions associated to the task.

For example, here are just a few of the many underlying permissions granted when you delegate the task [Create, delete, and manage user accounts] over an OU:

  • List Contents
  • List Object
  • Delete Object
  • Delete Subtree
  • Read Permissions
  • Read All Properties
  • Modify Permissions
  • Modify Owner
  • etc.

There are potentially hundreds of underlying permissions for any given delegated task.  The challenge, therefore, lies in being able to understand and report-on which rights have been delegated over time.  How do you know who has been delegated those permissions?  How do you know when underlying permissions are updated after the wizard has applied the task?  Or when rights are applied directly without using the wizard?  How do you know who has rights to create accounts through their group memberships when groups may be several levels deep?

NetVision’s Access Rights Inspector has built-in ability for in-depth reporting on rights over Active Directory objects and that includes reporting on the tasks delegated via the Delegation of Control Wizard.  It provides extremely useful reports and removes the guesswork and manual effort associated with understanding what tasks have been delegated throughout Active Directory.

Permissions and Group Membership Cleanup

Tags: , ,

At NetVision, we hear from numerous organizations who are looking for help with cleaning up permissions that have gotten out of control over time.  David Rowe explains the challenges and provides some tips on how to tackle the job in this ESJ article titled Coming Clean: Getting a Handle on Permissions and Group Memberships.

NetVision is Hiring

Tags: ,

We’re looking for an experienced engineer to help with software builds, installation, and configuration management.  More details here.

NetVision Announces Relationship with Sparxent

Tags: ,

Today, NetVision announced our partnership with Sparxent.  More details here.

Quoted from the release:

“Today’s enterprises are strapped for resources and very often lack the expertise needed to meet compliance and audit demands,” said David Rowe, CEO of NetVision, Inc. “We’re pleased to be partnering with a value-add solutions developer like Sparxent who brings a true ground-level understanding of the business challenges related to audit and compliance. We see Sparxent as an integral part in extending our reach here and in the EMEA, where our customers will receive hands-on, localized support professionals to help them improve their audit results.”

© 2009 NetVision Company Blog. All Rights Reserved.

This blog is powered by Wordpress and Magatheme by Bryan Helmig.