Ask the Experts

Ask the Experts

Active Directory security

• How to detect and defend against a TCP port 445 exploit and attacks

  The WannaCry TCP port 445 exploit returned the spotlight to Microsoft's long-abused networking port. Network security expert Kevin Beaver explains how to detect and defend against such attacks.  Continue Reading

• QakBot malware: How did it trigger Microsoft AD lockouts?

  QakBot malware triggered hundreds of thousands of Microsoft Active Directory account lockouts. Discover the malware's target and how these attacks are being carried out.  Continue Reading

• How does the CLDAP protocol DDoS amplification attack work?

  DDoS amplification attacks that use the CLDAP protocol are a new threat to enterprises. Expert Matthew Pascucci explains how they work and how enterprises can protect themselves.  Continue Reading

• Can a read-only domain controller maximize DMZ security?

  Are read-only domain controllers a more secure option for setting up domain services in a DMZ than using a separate domain? Expert Kevin Beaver explains.  Continue Reading

• Understanding Aorato's Directory Services Application Firewall

  How Aorato's Directory Services Application Firewall protects Active Directory, and why it's useful for enterprises.  Continue Reading

• IMEI authentication: OK as a mobile authenticator?

  Is IMEI authentication a secure choice when considering a mobile authenticator? Randall Gamby explains why it may not be a wise choice.  Continue Reading

• Enterprise user de-provisioning best practices: How to efficiently revoke access

  Misplaced or stagnant employee access can be dangerous; Randall Gamby details user provisioning best practices for setting up a system to combat this risk.  Continue Reading

• Role-based access control: Making an enterprise RBAC implementation easier

  Learn the benefits of role-based access control based on job functions of network accessing employees, and how to make an RBAC implementation easier.  Continue Reading

• Perform a Windows Active Directory security configuration assessment

  How secure is your configuration of Active Directory? Learn how to perform a security configuration assessment on such a directory in this expert response .  Continue Reading

• OpenLDAP migration: OpenLDAP from an Active Directory schema

  While integrating user provisioning products may seem like a lot of work, there are strategies to make it go smoothly. In this expert response, Randall Gamby describes how to incorporate OpenLDAP into an Active Directory schema.  Continue Reading

• Enrolling in an Active Directory and Windows certificate authority

  Learn more about the process of enrolling an enterprise in a certificate authority using Windows Server 2003 and Active Directory, as well as whether or not there is a universally accepted root CA.  Continue Reading

• Active Directory update: User self-service security concerns

  While allowing employees to update their Active Directory information themselves might sound like a great time-saver, it could cost more in the long run. Learn more about AD user self-service security concerns in this expert response from Randall ...  Continue Reading

• How to grant local admin rights with Global Policy Objects

  When granting local admin rights, it's important to do it securely. Learn how to use Global Policy Objects and global security groups to do it correctly.  Continue Reading

• Choosing management for Active Directory user provisioning

  Who's in charge of Active Directory user provisioning at your organization? Learn how to choose the most effective user provisioning management method from expert Randall Gamby.  Continue Reading

• LDAP signing requirements for various directory configurations

  While there is no longer a standard directory configuration, it is still possible to implement LDAP signing in most environments. Learn more about LDAP signing requirements from IAM expert Randall Gamby.  Continue Reading