03.24.2017 , Auditing, Active Directory, by .

The Active Directory is one of the most important security mechanisms for any Windows network. The Active Directory contains everything from user accounts and password policies, to group policy settings. As such, most organizations put considerable effort into determining which Active Directory settings will best meet the organization’s security requirements. Even so, all of this careful planning can be undone by configuration drift. Configuration drift happens when changes gradually occur … Read more

03.17.2017 , File Server Auditor, Change Auditing, Auditing, by .

For many organizations, IT operations are driven by regulatory compliance requirements. Systems containing sensitive data must be secured and maintained in a way that adheres to the regulatory requirements. Industry specific applications, such Electronic Health Records systems, are commonly designed with regulatory compliance in mind. After all, the application vendor knows which industry will use the application, and what the regulatory requirements are for that industry, and can therefore design … Read more

03.09.2017 , Auditing, Active Directory, by .

For organizations that use Windows Server, nearly all authentication and access control related tasks are tied to the Active Directory. Additionally, application configuration information is also sometimes stored in the Active Directory. Given everything that the Active Directory does, it would not be a stretch to think of the Active Directory as being the glue that ties all of an organization’s IT resources together. Because the Active Directory is such … Read more

03.03.2017 , Security, Auditing, by .

In this post, I’ll explain how Privileged Access Management (PAM) in Windows Server 2016 can be used to protect privileged credentials, and provide an outline of the solution’s architecture. It’s common to find IT staff assigned permanent domain administrator privileges, or others that are local administrators on devices used for managing the domain and sensitive systems, making it easier for malicious users to hack line-of-business systems. Adding users to privileged … Read more

02.28.2017 , Compliance, by .

Any organisation that accepts and stores credit card details must comply with the PCI-DSS (Payment Card Industry Data Security Standard). The standard was introduced in an attempt to reduce the chances of credit card fraud. While most Active Directory implementations don’t store credit card details, they may still be subject to a PCI audit. Non-Compliance of PCI can lead to lawsuits, fines, insurance claims, and a subsequent loss of sales … Read more

02.22.2017 , Security, Auditing, by .

Introduced in Windows Server 2008, Access-Based Enumeration (ABE) provides system administrators with an additional tool for protecting sensitive information on file servers. First available as an add-on package for Windows Server 2003 before being available out-of-the-box in Windows Server 2008, ABE prevents users from seeing files and folders to which they don’t have access, which might be useful in cases where folder names contain sensitive information, if the location of … Read more

02.16.2017 , Security, by .

There are three basic principles to consider when deciding how to provide access to sensitive data in a secure manner, namely: Confidentiality, Integrity, and Availability. These principals are collectively known as the CIA triad. Confidentiality The level of confidentiality will naturally determine the level of availability for certain data. Confidentiality is a question of how, and where, the data can be accessed. To ensure confidentiality, one must safeguard the data … Read more

02.08.2017 , Security, by .

As of May 2018, the General Data Protection Regulation (GPDR) will come into effect, which sets out to harmonise and strengthen data protection for individuals within the European Union. Under this new directive, appointing a DPO (Data Protection Officer) is a mandatory requirement for companies and organisations who either employ more than 250 people or require the storing and processing of public data. It’s is important to note that, the … Read more

02.03.2017 , Compliance, by .

For those who don’t know about GDPR, it stands for the General Data Protection Regulation, and is a new set of rules passed by the European Union which aim to reform the out-dated and inconsistent EU Data Protection Directive. The GPDR will come into effect from May 2018 and will be applicable across all 28 EU member states. However, for those of you that believe Brexit means you won’t be … Read more

01.20.2017 , Change Auditing, Security, Auditing, Active Directory, by .

In view of the rapidly increasing security risks IT enterprises are facing, securing the Active Directory from privilege misuse and abuse has become a global concern. Domain administrator rights are often granted to Active Directory users with to allow them to accomplish various tasks inside or outside of the network. However, giving large numbers of users privileged access can be problematic – occasionally leading to privilege abuse in the form … Read more

Lepide® is a Registered Trademarks of Lepide Software Private Limited. © Copyright 2017 Lepide Software Private Limited. All Trademarks Acknowledged.