ActiveDirSec.Org

The world's most trusted forum on Active Directory Security


Post Info TOPIC: Identity Management and Active Directory


Member

Posts: 8
Date: Dec 14, 2010
Identity Management and Active Directory


Hi,

I have a simple but yet abstract question regarding identity management as it relates to Active Directory and Windows Server, especially since there has been such a buzz about identity management over the last few years.

I would like to know what constitutes an identity in a Windows network?

Thanks,
Bob



__________________

Go Proteas... we are the champions!  (; and some boring stuff.)



Member

Posts: 21
Date: Jun 15, 2011
RE: Identity Management and Active Directory


Bob,

Shalom. I think it can be safely said that on the Microsoft Windows Server platform, a user's domain user account constitutes a user's identity.

One can make this claim based on the fact that it is the user's domain account that is used to uniquely identify the user, and that is used by the user to log-on to the system and engage in a variety of computing tasks, such as communicating (sending and receiving mail), accessing network resources, and creating and sharing IT resources.

It is also the domain user account that is captured in auditing logs when a user performs an action for which auditing is enabled.

Lehitra'ot.

- Ishmael.



__________________

There isn't a system that cannot be broken into.



Member

Posts: 9
Date: Jul 15, 2011
RE: Identity Management and Active Directory


Hi Rossi,

You bring up a very good point. If a domain user account is the user's corporate identity in organizations, then what is the easiest way in which a hacker or an insider could engage in corporate identity theft?

I ask only because the number of security incidents only continues to rise, and the risk of the compromise of corporate identities to me is a really serious risk to think about.

Johnny



__________________


Member

Posts: 16
Date: Jun 27, 2012
RE: Identity Management and Active Directory


Rossi, 

I would agree with Ishmael, that an employee's domain user account constitutes the user's corporate identity. After all, from logon to group memberships, and from scripts to policies, everything is tied to the user's domain account.

I would also agree with Johnny that corporate identity theft is on the rise and that the easiest way to steal a corporate identity is to reset a user's password.

Chad.



__________________


Member

Posts: 8
Date: Jun 29, 2012
RE: Identity Management and Active Directory


Hi Chad,

That's very interesting. I never did think about the fact that the easiest way to engage in corporate identity theft is to reset a user's password.

So, I suppose, by reducing the number of people who can reset employee passwords, one could reduce the risk of corporate identities getting compromised, right? 

It would also be nice if we could empower our employees to be vigilant and keep an eye on ensuring that not a lot of people can reset their passwords.

Incidentally, if this were possible, how would it manifest itself? I mean, could a script accomplish it, or would it be a periodic audit, or something?

Ideas?

Thanks,

Rossi.



__________________

Go Proteas... we are the champions!  (; and some boring stuff.)



Member

Posts: 12
Date: Jul 23, 2012
Identity Management and Active Directory


Rossi,

There is a way to empower your employees to be vigilant about who can reset their passwords.

In fact, empowering them is very helpful because it increases accountability and promotes transparency, and because more eyes are always better than a few, it's actually a good security practice.

We have empowered all of our IT admins to be able to easily keep an eye on who can reset whose passwords. We do so via a solution called Gold Finger Mini.

This tool makes it really easy to find out who can reset whose passwords in our Active Directory, and thus substantially reduce the threat of corporate identity theft based on password resets.

In case you're interested, it's over at - www.paramountdefenses.com/goldfinger_mini

There's a free edition as well that can show you which of your colleagues can reset your password today.

Nic++



__________________
Bond: There’s a name to die for! (Die Another Day)
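
For the "could a script accomplish it" question raised in this thread, here is an added example (not posted by any participant and unrelated to the tool mentioned above) that lists the ACEs on a user object covering the Reset Password extended right. It reads ACEs as written and does not expand group membership or resolve Allow/Deny precedence, so treat the output as the input to a periodic audit rather than a final effective-permissions answer. The function name, the sample SIDs and the account name `bob` are assumptions made for illustration.

```powershell
Add-Type -AssemblyName System.DirectoryServices

# rightsGuid of the "Reset Password" extended right (User-Force-Change-Password).
$ResetPassword = [guid]'00299570-246d-11d0-a768-00aa006e0529'

function Get-PasswordResetAce {
    param(
        [Parameter(Mandatory)]
        [System.DirectoryServices.ActiveDirectorySecurity]$SecurityDescriptor
    )
    $extendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    $inheritOnly   = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType       = [System.Security.Principal.SecurityIdentifier]

    foreach ($ace in $SecurityDescriptor.GetAccessRules($true, $true, $sidType)) {
        # Inherit-only ACEs affect child objects, not the object being audited.
        if ($ace.PropagationFlags.HasFlag($inheritOnly)) { continue }
        # Full Control includes the extended-right bit, so one test covers both.
        if (-not $ace.ActiveDirectoryRights.HasFlag($extendedRight)) { continue }
        # An empty ObjectType means the ACE covers all extended rights.
        $allRights = $ace.ObjectType -eq [guid]::Empty
        if (-not $allRights -and $ace.ObjectType -ne $ResetPassword) { continue }

        [pscustomobject]@{
            Trustee   = $ace.IdentityReference.Value
            Type      = $ace.AccessControlType   # Allow or Deny
            Inherited = $ace.IsInherited
            Scope     = if ($allRights) { 'All extended rights' } else { 'Reset Password' }
        }
    }
}

# Constructed sample DACL with made-up SIDs: a delegated reset, a Full Control
# ACE, and a read-only ACE that must not be reported.
$sddl = 'D:' +
    '(OA;;CR;00299570-246d-11d0-a768-00aa006e0529;;S-1-5-21-1111111111-2222222222-3333333333-1105)' +
    '(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;S-1-5-21-1111111111-2222222222-3333333333-512)' +
    '(A;;RPLCRC;;;S-1-5-11)'
$sd = New-Object System.DirectoryServices.ActiveDirectorySecurity
$sd.SetSecurityDescriptorSddlForm($sddl)
Get-PasswordResetAce -SecurityDescriptor $sd | Format-Table -AutoSize

# Against a live directory (assumes the RSAT ActiveDirectory module and its AD: drive;
# "bob" is a placeholder account name):
#   Get-PasswordResetAce (Get-Acl "AD:\$((Get-ADUser bob).DistinguishedName)")
```

On the constructed sample this reports the first two trustees and skips the read-only ACE; any trustee that is a group still has to be expanded to its members before the list answers "who can reset this password".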