The surge of disruptive technologies like cloud-based systems, mobile apps and BYOD makes identity and access management (IAM) an increasingly difficult and complex task for infosec pros. This guide covers the fundamentals of IAM and associated issues, including the business concept and technology. It delves into how mobility impacts IAM and also covers issues like password policy and management, Active Directory and LDAP security, and provisioning tools for the enterprise user. It also delves into the now-critical issue of privilege creep: how to recognize it and remedies to stop it. This guide will help you plan, implement and manage an effective IAM program in your enterprise.
Identity and access control is nothing new, but it is certainly changing, just as the network is changing. IAM has always been intended to keep the network secure by building controls around who can access it; now it must also adapt to new developments like the cloud, the proliferation of employee mobile devices and software as a service (SaaS), not to mention compliance requirements. In this module, you'll gain an understanding of what IAM is and how the concept in general, and IAM products in particular, have adapted to new technological advances.
Learn which identity and access management products scored with TechTarget readers in 2013.
Password management and policy
Passwords are central to securing the network and, therefore, password management is central to IAM. This section examines the password management tools out there, how best to use them and what to avoid.
Default credentials trigger a serious vulnerability in Cisco's TelePresence system -- here's what to do about that.
iCloud Keychain may be able to sync passwords across devices without using iCloud, but does that mean it's secure?
Do you understand the vulnerabilities of Google Chrome plaintext passwords?
Privileged users, privilege creep and tools that can manage them
The security breach by Edward Snowden, the NSA employee who stole and released thousands of sensitive documents, has succeeded in making enterprises more aware of the threat of "inside" attacks on their system security. But has awareness led to action? In this module learn about the issue of insider attacks, the danger of so-called privilege creep and ways to manage such security hazards.
A new survey finds a lack of strong privileged-user controls despite the very real threat of malicious insiders.
Even after the Snowden affair, one of the biggest insider breaches in history, most enterprises haven't changed their privilege management policies.
Everyone talks about the principle of least privilege, but a survey shows many enterprises do nothing about implementing it.
Hackers infiltrate and then attempt to move laterally; their ability to do this, though, can be contained by granting privileged users the least privileges possible.
Once BYOD hit the enterprise, IAM got a whole lot more complicated. In this module learn how to secure identity and access even in a large enterprise where employees bring in multiple personal devices each day. Mobility has changed just about everything in the information security world, and IAM is no exception.
Today enterprise IAM is being challenged by both cloud and distributed computing, but Forrester's Zero Trust model can help.
If a third party accesses Wi-Fi passwords off an Android mobile device, it could mean disaster for your network, unless you take the right precautions.
Active Directory and LDAP
Active Directory (AD) is a key aspect of IAM. A directory holds user account information and AD is Microsoft's trademarked system to, among other things, authenticate and authorize users and computers by checking submitted passwords and determining whether the person signing on is a regular user or an administrator. The Lightweight Directory Access Protocol (LDAP) is a vendor-neutral industry standard for directories. It's commonly used, for instance, to provide users the ability to conduct a single sign-on -- that is, to input just one password but access many services. This section looks in depth at both AD and LDAP, reviewing recent developments and methods of making these vital services, and related ones, more secure.
Microsoft downplays the new Active Directory "pass the hash" attack, but could it really be more dangerous than the company is letting on?
Juniper has upgraded its latest firewall to simplify security management, and it promises more visibility and policy control with applications and identity, too.
Active Directory is essential for provisioning users, but do you know how to securely implement AD itself?
Learn how to secure LDAP, and how application security teams and infrastructure security teams can work together to secure naming and directory services.
Experts delve into current IAM issues
Watch these videos for expert insights into the issues affecting IAM today.
Even after the Snowden affair, many enterprises are failing to carefully manage the extensive access that network administrators have. In this video, Philip Lieberman, of Lieberman Software, explains why infosec pros must have a privileged account management process.
Too many Internet users assign the same password to multiple accounts, ones that contain sensitive and financial information. In this video, the CISO of PayPal discusses his hope that the new Fast IDentity Online Alliance will help improve password security.