NetVision

NetVision Company Blog

A Discussion on Effective Audit of User Access

Verizon Data Breach Report 2011

The 2011 Verizon Data Breach Investigations Report was released recently and there are a number of interesting findings. At a glance, these quick stats caught my eye on page 3:

  • 83% of the attacks were crimes of opportunity
  • 92% of the attacks were not highly difficult
  • 76% of all data was compromised from servers
  • 96% were avoidable through simple or intermediate controls

And of course, the mitigation recommendation on the same page:

“Audit user accounts and monitor privileged activity.”

One puzzling number was that only 17% of breaches were reported to involve insiders. I find that strange because more than 80% were crimes of opportunity, were not highly difficult, and were easily avoidable. Those attributes would typically point to insiders, who have the most opportunity.

Another interesting point:

“For the second year in a row, it is regular employees and end-users—not highly trusted ones—who are behind the majority of data compromises. This is a good time to remember that users need not be super users to make off with sensitive and/or valuable data.”

Have a read for yourself if you’re interested in more data on breaches and breach activity across the market. As always, I’d recommend taking this report in the context of all other similar reports, news articles, common sense, and your own experience.

Insider Errors

In case you missed our recent webinar on Insider Errors, NetVision’s David Rowe provided an engaging overview of insider errors, how they happen and their impact. The webinar also gave a brief overview of NetVision’s access rights reporting solutions and some Q&A.

A recording is available through our partner Sparxent, who hosted the event:
http://www.sparxent.com/Webcast_Insider_Errors.wmv

Let us know if you’d like more information.

NetApp File Monitoring

NetApp file monitoring is finally right around the corner. Our solution for monitoring activity on NetApp filers is due to officially release in the coming weeks. We’ll have file reads, changes, creates, deletes, permission changes, etc. baked into our already successful web-based reporting console, which also reports on Windows file system activity, Active Directory, Microsoft Exchange, and Novell NetWare, eDirectory and NSS on OES2 (SUSE Linux) platforms. NetApp file activity monitoring will be available through the same solution that already provides full effective rights reporting (who has access to what) across Windows and NetApp devices. Contact us for more information!

Reporting on Delegated Admin Rights

Management of Active Directory is commonly delegated to local or departmental administrators. This means that certain individuals are (for example) granted permission to create user accounts and manage security groups within a given area of the directory. Microsoft provides a built-in wizard (the Delegation of Control Wizard) to delegate these tasks; it does the work of applying all the underlying permissions associated with the task.

For example, here are just a few of the many underlying permissions granted when you delegate the task [Create, delete, and manage user accounts] over an OU:

  • List Contents
  • List Object
  • Delete Object
  • Delete Subtree
  • Read Permissions
  • Read All Properties
  • Modify Permissions
  • Modify Owner
  • etc.

There are potentially hundreds of underlying permissions for any given delegated task. The challenge, therefore, lies in being able to understand and report on which rights have been delegated over time. How do you know who has been delegated those permissions? How do you know when underlying permissions are updated after the wizard has applied the task, or when rights are applied directly without using the wizard? How do you know who has rights to create accounts through their group memberships when groups may be nested several levels deep?
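As an added illustration (this is not NetVision’s code and was not part of the original post), the PowerShell below answers those questions for one OU by hand: it reads the OU’s DACL, keeps the ACEs that carry the rights the wizard grants for “Create, delete, and manage user accounts”, and expands each group trustee recursively so the report names people rather than groups. It assumes the ActiveDirectory RSAT module in a domain-joined session; the OU distinguished name is a hypothetical placeholder.

```powershell
# Added example, not NetVision code: report delegated rights over one OU.
# Assumes the ActiveDirectory module (RSAT) in a domain-joined session.
Import-Module ActiveDirectory

$ouDn = 'OU=Sales,DC=corp,DC=example'                        # hypothetical OU
$userClass = [guid]'bf967aba-0de6-11d0-a285-00aa003049e2'     # schemaIDGUID of the user class

# Rights the Delegation of Control Wizard hands out for
# "Create, delete, and manage user accounts": Create/Delete child user objects
# on the OU itself, plus Full Control (GenericAll) on descendant user objects.
$watch = [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild, GenericAll, WriteDacl, WriteOwner'

function Describe-Guid {
    param([guid]$Id)
    if ($Id -eq [guid]::Empty) { return '(any)' }
    if ($Id -eq $userClass)    { return 'user' }
    return $Id.ToString()
}

# The AD: drive is created by the ActiveDirectory module; Get-Acl on it
# returns the object's ActiveDirectorySecurity, i.e. its DACL.
$acl = Get-Acl -Path "AD:\$ouDn"

$rows = foreach ($ace in $acl.Access) {
    if (($ace.ActiveDirectoryRights -band $watch) -eq 0) { continue }
    [pscustomobject]@{
        Trustee    = $ace.IdentityReference.Value
        Type       = $ace.AccessControlType
        Rights     = $ace.ActiveDirectoryRights
        ObjectType = Describe-Guid $ace.ObjectType            # which child class may be created/deleted
        AppliesTo  = Describe-Guid $ace.InheritedObjectType   # which descendants the ACE flows down to
        Scope      = $ace.InheritanceType
        Inherited  = $ace.IsInherited                         # False = set directly on this OU
    }
}
$rows | Format-Table -AutoSize

# Resolve each trustee to people: expand groups recursively so a right granted
# to a group nested several levels deep is still attributed to its human members.
function Get-EffectiveMembers {
    param([string]$Trustee)
    $sam = $Trustee.Split('\')[-1]
    $obj = Get-ADObject -Filter "sAMAccountName -eq '$sam'" -Properties objectClass
    if (-not $obj) { return @() }                 # well-known SIDs such as NT AUTHORITY\SELF
    if ($obj.objectClass -eq 'group') {
        return @(Get-ADGroupMember -Identity $obj.DistinguishedName -Recursive |
            Where-Object { $_.objectClass -eq 'user' } |
            Select-Object -ExpandProperty SamAccountName)
    }
    return @($sam)
}

foreach ($trustee in ($rows.Trustee | Sort-Object -Unique)) {
    '{0} -> {1}' -f $trustee, ((Get-EffectiveMembers $trustee) -join ', ')
}
```

The ACEs the wizard writes are indistinguishable from ACEs set by hand, so this reports what is actually granted, not what the wizard was asked to grant; running it on a schedule and diffing the output is the simplest way to catch permissions that were edited after the wizard ran or applied without it.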

NetVision’s Access Rights Inspector has built-in, in-depth reporting on rights over Active Directory objects, including the tasks delegated via the Delegation of Control Wizard. It provides extremely useful reports and removes the guesswork and manual effort associated with understanding what tasks have been delegated throughout Active Directory.

Answers, Not Data: The Key to Access Security

NetVision has heard loud and clear from its customers that the holy grail of compliance reporting is actual answers rather than piles of data. In this SC Magazine article, titled Answers, Not Data: The Key to Access Security, NetVision CEO David Rowe explains how next-generation compliance solutions will focus on answers and continuous audit rather than periodic audits that generate confusing or obfuscated data sets.

Permissions and Group Membership Cleanup

At NetVision, we hear from numerous organizations who are looking for help with cleaning up permissions that have gotten out of control over time.  David Rowe explains the challenges and provides some tips on how to tackle the job in this ESJ article titled Coming Clean: Getting a Handle on Permissions and Group Memberships.

Active Directory Group Clean Up

A recent edition of NetVision’s monthly newsletter AuditMonthly discussed the issues of permission bloat and group clean up.  There are some focus areas outlined in one of our solutions pages: Active Directory Group Clean Up.  We can help you get your arms around the issue, identify low hanging fruit, and clean things up.

Updated: Access Rights Inspector SSE

NetVision today released an updated version of Access Rights Inspector Single Server Edition. The new version fixes issues related to large volume sizes and the initial file/folder rights scan. The SSE version is a free 30-day trial providing access rights reports on a single server.

Access Rights Inspector SSE enables users to select user accounts/groups and files/folders to generate custom reports on access rights based on those selections.

Available Reports include:

  • Effective Rights: calculates permissions based on group memberships, inherited rights, ownership, and more.
  • Explicit Rights: provides explicit permission settings for selected accounts and resources.
  • Deny ACEs: provides a list of all locations where permissions are explicitly denied.
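To make concrete what those three reports compute, here is an added PowerShell example (not NetVision’s code and not part of the original post) that produces all three for one folder tree: the effective rights of one account, the explicit (non-inherited) ACEs, and every Deny ACE. The share path and the account UPN are hypothetical placeholders; it assumes a domain-joined machine (so the account’s token groups can be built) and an elevated session that can read every ACL.

```powershell
# Added example, not NetVision code: Effective Rights, Explicit Rights and
# Deny ACE reports for one folder tree. Path and account are hypothetical.
param(
    [string]$Root    = 'D:\Shares\Finance',
    [string]$Account = 'jdoe@corp.example'
)

function Get-PrincipalSids {
    param([string]$Upn)
    # WindowsIdentity(upn) builds a logon token for the account (S4U), so
    # .Groups reflects nested and domain-local membership as Windows sees it,
    # including Everyone and Authenticated Users.
    $id = New-Object System.Security.Principal.WindowsIdentity $Upn
    @($id.User) + @($id.Groups)
}

function Get-EffectiveRights {
    param(
        [System.Security.AccessControl.FileSystemSecurity]$Acl,
        [System.Security.Principal.SecurityIdentifier[]]$Sids
    )
    $granted = 0; $denied = 0
    # Walk the DACL in order. For each access bit the first ACE that matches one
    # of the token SIDs decides it; later ACEs cannot override an earlier decision.
    # This is how the reference monitor evaluates a (canonical) DACL, and it is
    # why an explicit Allow can beat an inherited Deny.
    foreach ($ace in $Acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        if ($Sids -notcontains $ace.IdentityReference) { continue }
        $mask      = [int]$ace.FileSystemRights
        $undecided = $mask -band (-bnot ($granted -bor $denied))
        if ($ace.AccessControlType -eq 'Allow') { $granted = $granted -bor $undecided }
        else                                     { $denied  = $denied  -bor $undecided }
    }
    # The owner implicitly holds READ_CONTROL (0x20000) and WRITE_DAC (0x40000)
    # whatever the DACL says, so ownership is part of the answer too.
    if ($Sids -contains $Acl.GetOwner([System.Security.Principal.SecurityIdentifier])) {
        $granted = $granted -bor 0x20000 -bor 0x40000
    }
    [System.Security.AccessControl.FileSystemRights]$granted
}

$sids  = Get-PrincipalSids -Upn $Account
$items = @(Get-Item -LiteralPath $Root) + @(Get-ChildItem -LiteralPath $Root -Recurse -Force)

$report = foreach ($item in $items) {
    $acl      = Get-Acl -LiteralPath $item.FullName
    $explicit = $acl.Access | Where-Object { -not $_.IsInherited }
    $denies   = $acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' }
    [pscustomobject]@{
        Path         = $item.FullName
        Effective    = Get-EffectiveRights -Acl $acl -Sids $sids                       # Effective Rights
        ExplicitACEs = ($explicit | ForEach-Object { "$($_.IdentityReference):$($_.FileSystemRights)" }) -join '; '  # Explicit Rights
        DenyACEs     = ($denies   | ForEach-Object { "$($_.IdentityReference):$($_.FileSystemRights)" }) -join '; '  # Deny ACEs
    }
}
$report | Format-Table -AutoSize -Wrap
```

Two caveats a practitioner would want: this evaluates NTFS permissions only, so share permissions on the export still cap what a network user actually gets, and it ignores privileges such as SeBackupPrivilege that bypass the DACL entirely. The Effective Access tab in Explorer uses the AuthZ API for the same calculation; this script is useful precisely because it can be run in bulk.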

Click here to download a copy to get immediate reports on your server!

HIPAA: Windows Security and Active Directory

In a new paper for NetVision customers titled Active HIPAA Response, we break down the security and privacy requirements found within the HIPAA regulation text and map NetVision policies and reports to those requirements. While organizations need to perform discovery of Protected Health Information (PHI), NetVision’s HIPAA compliance pack provides quick setup of compliance reporting related to the Windows file system and Active Directory for complete coverage of Microsoft networking platforms. The HIPAA package is also available for Novell networking environments. NetVision isn’t claiming to make anyone compliant with a set of canned reports. But, if you’re concerned about HIPAA requirements, the HIPAA compliance pack automates the creation of a set of reports that map to the areas within HIPAA for which NetVision can help. Let us know if you’d like more information!

Take Ownership Issue

According to the two TechNet articles below, a user with the ‘Take Ownership’ permission on a file or folder should be able to assign ownership to a group of which they are a member. In practice it does not work that way: the operation fails with an error saying that the user needs the ‘Restore files and directories’ user right (SeRestorePrivilege) in order to assign ownership to a group. The underlying rule is that, without SeRestorePrivilege, Windows only accepts a new owner SID that is the caller’s own SID or a group in the caller’s access token carrying the SE_GROUP_OWNER attribute. Ordinary group membership does not confer that attribute (in an administrator’s elevated token, Administrators carries it, which is why admins can make Administrators the owner), so for a normal user ‘Take Ownership’ effectively means ‘take ownership for yourself’.

http://technet.microsoft.com/en-us/library/cc753659.aspx
http://technet.microsoft.com/en-us/library/cc780020(WS.10).aspx

Thanks to FK for raising the issue (which contradicts information in the NetVision paper on Windows Access Rights). It’s a fairly obscure find, but worth understanding.
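The behaviour is easy to reproduce, and the check is worth having when a permissions report says someone “can take ownership” of a resource. The PowerShell below is an added example (not NetVision’s code and not from the TechNet articles): it reports whether the caller belongs to the target group and whether the token holds SeRestorePrivilege, then attempts to set the group as owner and shows the outcome. The file path and group name are hypothetical; the script assumes the caller already has Take Ownership on the file.

```powershell
# Added example, not NetVision code: reproduce the "assign ownership to a group"
# failure. Path and group are hypothetical; the caller is assumed to hold the
# Take Ownership permission on $Path.
param(
    [string]$Path  = 'C:\Shares\Finance\budget.xlsx',
    [string]$Group = 'CORP\Finance-Admins'
)

function Test-Privilege {
    # True when the current token holds the named privilege, enabled or not.
    param([string]$Name)
    $privs = whoami /priv /fo csv | ConvertFrom-Csv
    return [bool]($privs.'Privilege Name' -contains $Name)
}

$me       = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$groupSid = ([System.Security.Principal.NTAccount]$Group).Translate([System.Security.Principal.SecurityIdentifier])
$inGroup  = $me.Groups -contains $groupSid
$canRestore = Test-Privilege 'SeRestorePrivilege'

'Caller: {0}'                         -f $me.Name
'Member of {0}: {1}'                  -f $Group, $inGroup
'Token holds SeRestorePrivilege: {0}' -f $canRestore
'Current owner of {0}: {1}'           -f $Path, (Get-Acl -LiteralPath $Path).Owner

try {
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetOwner([System.Security.Principal.NTAccount]$Group)
    Set-Acl -LiteralPath $Path -AclObject $acl
    'Owner is now {0}' -f (Get-Acl -LiteralPath $Path).Owner
}
catch {
    # Without SeRestorePrivilege the kernel rejects any owner SID that is not the
    # caller's own SID or a token group flagged SE_GROUP_OWNER (typically only
    # Administrators, and only in an elevated admin token). Plain membership in
    # $Group, even with Take Ownership on the file, is not enough.
    'Setting owner to {0} failed: {1}' -f $Group, $_.Exception.Message
}
```

Run it once as the ordinary user (expect the failure path even though membership is True) and once from an elevated session or one where a backup operator has enabled SeRestorePrivilege (expect success). An audit report that treats Take Ownership as “can hand the resource to any of their groups” is therefore overstating the right for normal users.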

© 2009 NetVision Company Blog. All Rights Reserved.
