Media Coverage
By Dan Blum, Senior VP & Research Director, BURTON GROUP
Active Directory in the large enterprise environment has multiple powerful domain administrators, a bewildering array of OS-integrated functions, a powerful delegation capability, inheritance, and many privileged service accounts and group objects for discretionary access control. . .
. . . It is very difficult for security staff or auditors to know who has access to what.
Gold Finger provides an easier way to point at accounts, groups or other entries in the directory and list out their "resultant access control" information. With the tool, administrators can seek out paths to privilege that are not appropriate and perhaps unnecessary. Then get rid of them.
Read the entire article here.

By Andrew Conry-Murray, INFORMATION WEEK
Do you know who has permission to reset passwords, create accounts, and elevate permissions in your organization? Former Microsoft program manager of Active Directory, bets the answer will surprise – and dismay – your security and compliance officers . . .
. . . the potential for the product is stunning. Active Directory's market share means an almost unlimited customer base, especially among large organizations. In addition, managing authorization and access control is a security best practice as well as a requirement of many regulations. . . .
. . . This looks like a company to keep an eye on.
Read the entire article here.

By Margie Semilof, TECH TARGET
Why bother attacking a Windows server when attacking Active Directory can provide you with the keys to the kingdom? . . .
. . . Active Directory might be compromised in several ways, but most hacks are caused by people using escalation of privilege made possible by excessive entitlements. The perpetrator finds an anonymous user and escalates that user's privilege to an administrator or to a domain administrator. Most privilege escalations are facilitated or enabled by the presence of excessive entitlements . . .
. . . "For an attacker, the ability to acquire domain administrator privileges would be having access to the crown jewels," said Daniel Blum, group analyst at Burton Group, a Midvale, Utah-based consulting firm. "You could get into everything that was dependent on Microsoft's security model."
Read the entire article here.

By Dave Kearns, NETWORK WORLD
In a company as large as Microsoft, the comings and goings of employees can often be overlooked. But there were two transactions this month - one coming, one going - that ought to be of interest . . .
. . . Sanjay Tandon was packing his bags and headed out the door of Bill Gates & Co. Sanjay had been program manager for Active Directory Security. As one Microsoft MVP ("Most Valuable Professional") said: Sanjay was one of the AD Dev Security guys (a PM actually) at Microsoft. He was directly responsible for putting together the AD Delegation Whitepaper that, quite frankly, should have been sent along with every copy of Windows 2000 from Day 1 . . .
. . . If you browse through his breathtakingly beautiful Web site you’ll hopefully come to realize the passion that’s driving him.
Read the entire article here.