What is Gold Finger?
Gold Finger is a suite of seven Active Directory Audit tools that help IT personnel audit, analyze, assess and verify security, access and effective-access in their mission-critical Active Directory deployments. For instance, it can help Windows Admins, IT Security Analysts, Security Penetration Testers, IT Security Managers and Security/Compliance Auditors fulfill their Active Directory related audit needs.
What are the seven tools that the Gold Finger suite is comprised of?
The Gold Finger suite is comprised of the following 7 Active Directory Audit Tools –
- Active Directory Security Audit Tool
- Active Directory Group Membership Reporting Tool
- Windows Access Token Viewer and Kerberos Token-Size Calculator
- Active Directory ACL Viewer and ACL Exporter
- Active Directory Permissions Analyzer
- Active Directory Effective Permissions + Effective Access Calculator
- Active Directory Administrative Access and Delegation Audit Tool
Are each of these tools installed as seperate applications, or are they a part of a single application?
Each of these tools are a part of the Gold Finger suite, so they are installed as a single application i.e. the Gold Finger application which can be installed on any machine.
In other words, you simply install a single application, and any tools that you license are made available for use within the encompassing Gold Finger application.
What does it take to deploy Gold Finger?
Gold Finger is a simple 32-bit Windows application (like Winzip) that can be instantly downloaded, installed and deployed on any domain-joined computer in under 2 minutes.
It has no deployment dependencies whatsoever – no services to install, no agents to deploy and no administrative access to provision. It is a simple Windows application.
How are these tools licensed?
The various tools available in the Gold Finger Suite may be licensed individually, or in any combination. In addition, they are also offered in 7 unique editions, 001 through 007, that each offer a unique pre-set combination of tools. In general, most licenses are offered on an annual basis (Subscription Model) although short term licenses may be available for certain tools. For additional details on pricing, editions and license duration, please click here or contact us.
How is Gold Finger different from other Active Directory based reporting/auditing solutions that may be available from other vendors?
While there are many Active Directory auditing/reporting solutions offered by many vendors, only Gold Finger can accurately determine effective-permissions and effective delegated-access in Active Directory, and thus only Gold Finger can accurately perform a proactive audit of access and effective-access grants in Active Directory deployments.
Specifically, only Gold Finger's patented access assessment/audit capabilities provide accurate access-assessment reporting/audit capabilities. Other solutions claim to deliver access insight, but in fact their insight is NOT based on the determination of effective access; they simply perform permissions audits; in fact they are all unable to perform effective access audits.
Most other solutions are in fact auditing solutions that are marketed as audit solutions. They are not really audit solutions, the difference being that an audit solution is proactive in nature (i.e. shows who can do what BEFORE the fact), whereas an auditing solution is reactive in nature (i.e. shows who did what AFTER that fact.) Proactive insight can be invaluable in preventing a security incident.
Gold Finger is also the world's most trustworthy suite of Active Directory audit tools, having been 100% developed in and supported from within the U.S., coded by U.S. citizens, and featuring active application security protection designed to provide a highly trustworthy reporting experience.
What is unique about Gold Finger's audit/reporting capabilities?
Gold Finger is the only Active Directory audit tool suite in the world that can determine true effective-permissions and true effective privileged access in Active Directory environments.
These unique capabilities lets organizations perform Active Directory effective privileged access audits to instantly determine exactly who effectively has what privileged access in their Active Directory, including where and how. These unique capabilities are powered by its Microsoft-endorsed, patented, access assessment algorithms, which simulate real Active Directory access checks to deliver 100% accuracy.
How does Gold Finger help organizations enhance security, perform audits and demonstrate compliance?
In Microsoft Windows Server based IT infrastructures, Active Directory is the foundation of identity, security and access management, as it stores and protects vital IT resources such as user accounts, computer accounts, security groups and security policies. It is also the focal point of administrative delegation.
Organizations have a mission-critical need to know what the state of security of vital IT resources stored in the Active Directory, and more importantly to know who is provisioned/delegated what administrative access in Active Directory, and how.
For example, organizations need to know how many user accounts are currently disabled, but equally importantly, they also need to know how many individuals can currently enable these disabled accounts, and how so. Such information is absolutely essential to maintaining security, performing security, access and effective-access audits and demonstrating the regulatory compliance of Active Directory resource security and access rights.
Gold Finger empowers organizations to obtain this essential information in the form of 100% accurate and real-time security and effective access audit reports, which can be generated on-demand, and easily printed and furnished as evidence for demonstrating regulatory compliance and for internal security audits.
What are the minimum requirements to deploy Gold Finger?
Gold Finger is a simple 32-bit Microsoft Windows executable that can run on any Windows machine.
It can be installed in under two minutes on any domain-joined machine and requires no administrative access, agent installations, service configuration, or Schema changes at all to deploy.
Gold Finger only requires that it be deployed on a machine that has least 100 MB of free disk space, at least 1 GB of RAM and a minimum screen resolution of 1024 x 768.
Does the use of Gold Finger require the opening of any additional firewall ports?
No. Gold Finger does not require any additional ports to be opened on firewalls, other than those that may already be open and required for the normal functioning of Active Directory.
What are the installation requirements for Gold Finger?
Gold Finger is a simple light-weight, zero-dependency, Windows 32-application, and it only requires a domain-joined machine for installation.
It can be installed in under two minutes and it does not require any domain-administrative privileges to install or use. It only imposes the most basic of installation requirements, which are as follows –
- Any Microsoft Windows operating system (except Windows 10)
- A domain-joined computer
- At least 1 GB of RAM and 30 MB of HDD space
- A minimum screen resolution of 1024 x 768
Does one need to install any services to use Gold Finger?
No. Gold Finger is a simple client-side Windows 32-application that can be installed and run from any domain-joined machine. It does not involve or require any service to be installed on any machine in your environment.
Does one need to install any agents to use Gold Finger?
No. Gold Finger is a simple client-side Windows 32-application that can be installed and run from any domain-joined machine. It does not involve or require the installation of any agents anywhere in your environment.
Does one need to have administrative access to use Gold Finger?
No. Gold Finger is a simple LDAP client that operates in the security context of a domain user account. It merely performs read access on Active Directory content, and by default Authenticated Users have read access to all Active Directory content. As a result, no administrative access is required to use Gold Finger.
What IT security risk does Gold Finger help organizations mitigate?
Gold Finger helps organizations mitigate the critical security risk of unauthorized privilege escalation (Active Directory Privilege Escalation) and its subsequent misuse, which is made possible by the presence of unauthorized administrative access grants in Active Directory.
Specifically, in most Active Directory deployments, there is a very high likelihood of the existence of powerful delegated administrative access grants that should not exist but that do nonetheless exist, because, over time numerous individuals are delegated and undelegated access but because it is inherently difficult to precisely specify and assess delegated access in Active Directory, delegated access grants are seldom completely or reliably revoked, and thus remain largely undetected, for months or years.
The presence of these unauthorized delegated administrative access grants poses a clear and present danger to organizational security, because it provides malicious entities an easy avenue to obtain and subsequently misuse administrative power, whether over a small or a large set of Active Directory objects.
How serious is this security risk?
This is a very serious risk because the potential for inflicting damage to the organization is colossal, the attack surface is vast, the effort required to enact the threat is minimal, and one of the only two technical requirements needed to enact the threat is already satisfied. An attacker needs to find just ONE security privilege escalation path to completely compromise organizational security. For more information on this risk, please click here.
For details or a demonstration, please contact Paramount Defenses Inc.
How easy is it to identify and exploit unauthorized privileged/administrative access grants?
These unauthorized delegated administrative access grants are not very difficult to identify because all that is technically required to identify these grants is access to Active Directory security permissions, and in Active Directory this access is granted by default to everyone with a domain user account.
With read access to Active Directory security permissions available, the identification of unauthorized access grants simply requires the application of moderate Active Directory security expertise, or the use of a tool which partially or completely (e.g. Gold Finger) automates the identification of provisioned access grants.
Once identified, the exploitation of an unauthorized access grant is a relatively simple operation that only requires the enactment of a common administrative task, such as resetting a user account's password.
What is the likelihood of someone identifying and exploiting unauthorized privileged/administrative access grants?
With the entire user population of an Active Directory deployment having sufficient read access to Active Directory security permissions by default, potentially any individual with a domain user account could attempt to identify and exploit unauthorized administrative grants.
With the potential of being rewarded with privileged access, the motivation, and thus likelihood, for attempting to identify and exploit unauthorized privileged access seems plausibly high.
How does Gold Finger help organizations mitigate this security risk?
This security risk is posed by the existence of unauthorized delegated/provisioned privileged/administrative access grants that are hard to identify by the naked eye and /or by a simple assessment of Active Directory security permissions i.e. they are hard to identify by performing a simple permissions (access) audit.
The most difficult part in mitigating this unique security risk is identifying these unauthorized access grants, for once identified, these grants can be instantly revoked by IT admins with relatively substantial ease.
Gold Finger makes the identification of these unauthorized privileged/administrative access grants as easy as touching a single button, because it is the only tool in the world that can accurately audit effective access in Active Directory thereby empowering organizations to instantly identify all unauthorized access grants, and enabling organizational IT admins to then effortlessly eliminate these grants before they can be identified and potentially exploited by malicious entities seeking to inflict damage or compromise security.
Are all tools in the Gold Finger suite supported?
Yes, all tools in the Gold Finger Suite are backed by world-class technical support (as is the free edition) and the cost of a license includes annual maintenance and basic email based technical support. In addition, our customers can also choose from amongst two paid technical support plans that facilitate the availability of timely and proficient technical support.
I need technical support. Where do I start?
If you have an encountered an issue using the Gold Finger and require assistance, please visit the Technical Support section of our website.