risk management of privileged users 2
DESCRIPTION
An exciting presentation on how to handle privileged users in Active Directory with regard to security and compliance using a simple tool
TRANSCRIPT
Risk Management of Privileged Users
June, 2014
Understanding the Challenge
The situation for privileged users
Often these accounts are Non Personal
Created during Projects for Specific Task
Clear and Static set of Entitlements
When Created an End Date is not Foreseen
That creates Challenges
Often Privileged Accounts do not get Cleaned Up
Nobody knows How Many there are
Nobody knows Which Entitlements they have
Nobody knows which ones are No Longer In Use
Which steps do you need to follow to get back in control?
Step 1: Discover
In the Discovery Phase, all NPAs / Privileged Accounts are detected within the infrastructure. For most of those we can assess right away whether they are still actively being used.
Step 2: Monitor
For those accounts for which it cannot be directly established if/how they are being used, a monitoring process is started.
Step 3: Clean Up!
All NPAs / Privileged Accounts that are no longer being used will be decommissioned during the third phase: the Clean Up.
Step 4: Manage
All accounts are put into a Managed Lifecycle. Responsibility is placed under a role, owned by a ‘normal’ identity, and an expiration date is added.
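The four steps above, sketched as a triage over an account inventory. This is an added example, not part of the original presentation or of any NetIQ tool; the account names, field names, the 180-day staleness threshold and the helper functions are assumptions, and the inventory is constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample inventory (not real accounts). Field names are assumed;
# in AD the dates would come from lastLogonTimestamp and accountExpires.
NOW = datetime(2014, 6, 1)
ACCOUNTS = [
    {"name": "svc-backup", "last_logon": datetime(2014, 5, 28), "owner": None, "expires": None},
    {"name": "adm-project-x", "last_logon": datetime(2012, 11, 3), "owner": None, "expires": None},
    {"name": "svc-batch", "last_logon": None, "owner": None, "expires": None},
    {"name": "adm-dns", "last_logon": datetime(2014, 5, 30), "owner": "role-dns-admins",
     "expires": datetime(2014, 12, 31)},
]
STALE_AFTER = timedelta(days=180)  # assumed cut-off for "no longer in use"


def lifecycle_gaps(acct):
    """List what is missing before the account counts as managed (Step 4)."""
    gaps = []
    if not acct["owner"]:
        gaps.append("no owning role")
    if not acct["expires"]:
        gaps.append("no expiration date")
    return gaps


def classify(acct, now=NOW, stale_after=STALE_AFTER):
    """Return the phase of the four-step process an account falls into next."""
    last = acct["last_logon"]
    if last is None:
        # Step 2: usage cannot be established from the inventory alone.
        return "monitor"
    if now - last > stale_after:
        # Step 3: no recent use, candidate for decommissioning.
        return "clean_up"
    if lifecycle_gaps(acct):
        # Step 4: in use, but not yet under a managed lifecycle.
        return "manage"
    return "managed"


def triage(accounts, now=NOW):
    """Step 1 output: every discovered account sorted into a phase."""
    phases = {"monitor": [], "clean_up": [], "manage": [], "managed": []}
    for acct in accounts:
        phases[classify(acct, now)].append(acct["name"])
    return phases


if __name__ == "__main__":
    for phase, names in triage(ACCOUNTS).items():
        print(f"{phase:9} {', '.join(names) or '-'}")
```
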
Focus on the basics
Enforce access controls
Monitor user activity
Minimize rights
How to make your Active Directory safe and compliant
© 2012 NetIQ Corporation. All rights reserved.
The Current State of Active Directory
Where are we at? Where are we going?
• Security: Demand for better controls over user permissions and changes, richer reporting and auditing capabilities
• Critical: Active Directory’s role in the enterprise is evolving to meet business demands
• Native: Microsoft native tools lack fine-tuned administration features
• Automation: Automating processes could decrease workload and simplify compliance
What NetIQ Provides
NetIQ Directory and Resource Administrator
• Features
‒ Secure delegated administration
‒ Centralized auditing & reporting of account management tasks
‒ Automation of repetitive tasks
‒ Enforcement of account policies
• Benefits
‒ Reduces administration costs
‒ Increases administration efficiency
‒ Assures enterprise security
‒ Helps achieve compliance
Secure, Delegated Administration
NetIQ Directory and Resource Administrator
• What is it?
‒ Dramatically simplifies the delegation of administrative entitlements across Active Directory
• Benefits
‒ Reduces the number of native privileged accounts
‒ Delegate administrative tasks out across the organization
‒ Using ActiveView technology, administrators only see what they are allowed to manage
Puts greater control over administrative capabilities, assuring the security of Active Directory
Centralized Auditing of Administration
NetIQ Directory and Resource Administrator
• What is it?
‒ Captures all account management activities
‒ Identifies who did what, when, and where
• Benefits
‒ Enforcement of activity auditing
‒ Capturing & centralizing activities in a multi-master environment
‒ AD security audit log conciseness & interpretation
‒ Complete audit trail
Helps achieve regulatory compliance and security best practices
Reporting Center Console
‒ The Reporting Center Console allows you to view, configure, and create reports based on data collected by DRA servers.
Enforcement of Account Policies
NetIQ Directory and Resource Administrator
• What is it?
‒ Ensure policy is enforced across administrative-related activities
• Benefits
‒ Content control through data validation policies
‒ Data correctness and compliance
‒ Assures content consistency as well as contextual control
‒ What and when changes are made
‒ Ability to review and rollback deleted objects
Assures data integrity, accuracy, and improved control over changes
Automation of Repetitive Tasks
NetIQ Directory and Resource Administrator
• What is it?
‒ Facilitates the automation of repetitive activities to reduce the level of required human interaction
• Benefits
‒ Assures that all steps are carried out correctly, in order, and completely
‒ Ability to integrate and launch 3rd-party applications and scripts from within the console
‒ Examples: Mailbox creation, disk quota reporting and more
Increases administrator efficiency
Privileged User Management
Microsoft AD
Administration layer
Privileged User Management
Microsoft AD
Administration layer
Privileged User Management
Privileged Users
Microsoft AD
Delegated Admin
Granular Delegated Administration
Administration layer
Privileged Users
Microsoft AD
Delegated Admin
Administration layer
Recycle Bin for Easy Restoration
Privileged Users
Microsoft AD
Delegated Admin
Administration layer
Full Audit Trail & Enhanced Reporting
Privileged Users
Microsoft AD
Delegated Admin
Administration layer
AD user provisioning through DRA
Privileged Users
Microsoft AD
Delegated Admin
Identity Manager
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.
Thank you.
+1 713.548.1700 (Worldwide)
888.323.6768 (Toll-free)
[email protected]
Worldwide Headquarters
1233 West Loop South Suite 810 Houston, TX 77027 USA
www.netiq.com/communities
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
Copyright © 2014 NetIQ Corporation. All rights reserved.
ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, the cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PSAudit, PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite, Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the United States and other countries.