NetVision Company Blog

A Discussion on Effective Audit of User Access

Dormant Accounts

Tags: , , ,

I spend so much time thinking about the bleeding edge of access reporting that I often forget to mention the basics. In the next few posts, I’ll write about a few of those basic reporting needs  starting today with Dormant Accounts on both Microsoft Active Directory and Novell eDirectory.

These are accounts that have been dormant or unused for some period of time. The most obvious indicator of a user account being dormant is that it has not been used to authenticate in a while. You can easily see this by looking at the user object’s attributes. Obviously, a monitoring-only approach would not be able to tell you what’s NOT happening. So, to effectively report on inactivity, you need a solution that would query your network directory on your schedule. NetVision’s NVAssess does exactly that. And rather than ONLY offering a list of dormant accounts based on your criteria (30 days ? 90 days?), we have built-in ability to provide a nice chart that quickly identifies the dormant user accounts that are still enabled and therefore represent a greater security risk. And we can take that a step further.

Many of our manufacturing customers, as an example, have a significant subset of users that do not regularly authenticate. These employees don’t use computers for their day-to-day routines but occasionally need to log on to the network to access HR or other information. In these instances, we can extend our dormant account reporting to include additional logic. For example, members of a certain group or with a given attribute value can be identified separately from other employees. This makes it easy to see which dormant accounts are expected (or normal) and which may represent a higher risk profile.

NVAssess can also auto-process the dormant accounts based the your selected criteria to disable those accounts, revoke permissions, remove group memberships, and move the account to a specified OU within the directory. This makes the entire process automated and hands-off. When your executive staff or auditors run periodic reports, they’ll never find a list of still enabled dormant accounts that are in breach of your security policy.

NVAssess has been on the market for over 15 years. Dormant accounts reporting is just one drop in the bucket in terms of what it can do. Let us know if you’d like more details.

eDirectory and Netware Audit

Tags: , ,

NetVision was founded in 1995 by former Novell engineers who had tremendous knowledge of NDS (which became eDirectory) and Netware.  That knowledge became the core of NetVision’s solution offerings as they introduced solutions for audit and monitoring of Netware and NDS.  One of NetVision’s early products was a syncronization tool that sync’ed data between Netware/NDS and Windows NT environments.

As the market for Netware grew smaller and the market for Micorosft Windows grew larger, NetVision made the obvious moves.  They took their knowledge of directory and file system access rights and applied it to Microsoft’s Active Directory and Windows.  They also followed Novell’s moves to Linux and built a solution for eDirectory on Linux. Today, NetVision provides a complete solution that works across both Novell and Microsoft environments for audit, monitoring, and reporting.

You may have seen us at Brainshare where we host an annual party and spend time with many customers that we’ve built strong relationships with over the years.  Many of them tell us stories about how NetVision has made their lives easier, which is nice to hear.

© 2009 NetVision Company Blog. All Rights Reserved.

This blog is powered by Wordpress and Magatheme by Bryan Helmig.