Ask the Experts

Ask the Experts

Privileged access management

• 6 key identity and access management benefits

  Identity and access management is beneficial not just for users, security and IT admins, but also enterprises as a whole. Read up on the six key advantages of an IAM framework.  Continue Reading

• Is VPN split tunneling worth the security risks?

  Enabling VPN split tunneling may increase speed and decrease bandwidth use and costs, but it also increases the number of security vulnerabilities faced.  Continue Reading

• Best practices to conduct a user access review

  User entitlement reviews ensure employees only have access to essential systems and unauthorized employees -- or miscreants -- don't. Learn how to conduct an audit of user privileges.  Continue Reading

• How did a Moodle security vulnerability enable remote code execution?

  A series of logic flaws in Moodle enabled attackers to remotely execute code on servers. Expert Michael Cobb explains how the Moodle security vulnerability can be exploited.  Continue Reading

• How did thousands of MongoDB databases get hijacked?

  Thousands of MongoDB configurations were hijacked due to poor authentication practices. Expert Nick Lewis explains how organizations can properly configure their implementations.  Continue Reading

• Are separate administrator accounts a good idea for enterprises?

  Separate administrator accounts are becoming a normal part of access policies in enterprises. Expert Matthew Pascucci explains why this is a good idea and how to implement it.  Continue Reading

• How do identity governance and access management systems differ?

  Identity governance and access management systems overlap naturally, but they are still distinct. Expert Matthew Pascucci explains the difference between these two aspects of IAM.  Continue Reading

• How can Kerberos protocol vulnerabilities be mitigated?

  Microsoft's Kerberos protocol implementation has long-standing issues with its secret keys. Expert Michael Cobb explains how to mitigate the authentication vulnerabilities.  Continue Reading

• Which is safer: an HSM appliance or a virtual appliance?

  A self-managed HSM appliance may be the safer external key management system to use with your organization's encryption keys. Here's why.  Continue Reading

• Can reviewing credential dumps protect identity information?

  Reviewing credential dumps could potentially save identity information from being stolen and used in a data breach. Expert Randall Gamby explains why it's worth the extra work.  Continue Reading

• How can organizations get control over privileged identity management?

  Doling out too many admin privileges can lead enterprises astray when it comes to privileged identity management, but there are ways they can take back control.  Continue Reading

• A broader definition of identity governance

  The definition of identity governance has evolved to include a tool that could prove challenging for enterprises to implement.  Continue Reading

• To protect privileged users, consider using least privilege principle

  To defend against "laterally" moving attackers, consider granting privileged users the least privileges necessary. Expert Nick Lewis explains how.  Continue Reading

• Privilege access management: User account provisioning best practices

  Broad user account provisioning can give users too much access. Randall Gamby offers privilege access management advice to prevent 'privilege creep.'  Continue Reading

• Dynamic authorization vs. other access management technologies

  Randall Gamby discusses the advantages of dynamic authorization vs. other access management strategies and implementation best practices.  Continue Reading

• SaaS access management: Finding the best single sign-on technology

  Expert Randall Gamby details key strategies for SaaS access management and contemporary single sign-on technology that's truly interoperable.  Continue Reading

• Enterprise user de-provisioning best practices: How to efficiently revoke access

  Misplaced or stagnant employee access can be dangerous; Randall Gamby details user provisioning best practices for setting up a system to combat this risk.  Continue Reading

• OpenLDAP migration: OpenLDAP from an Active Directory schema

  While integrating user provisioning products may seem like a lot of work, there are strategies to make it go smoothly. In this expert response, Randall Gamby describes how to incorporate OpenLDAP into an Active Directory schema.  Continue Reading

• The pros and cons of automated user provisioning software

  Automated user provisioning software can offer many benefits to enterprises, but its high cost and labor-intensive implementation may mean it's not right for yours. IAM expert Randall Gamby addresses the topic.  Continue Reading

• Creating a user account management policy to delete old accounts

  If you're not deleting orphaned accounts, you may be leaving the door wide open to attackers. In this expert response from Randall Gamby, learn how to create an effective user account management policy for getting rid of old accounts.  Continue Reading

• Separation of duties: Internal user account controls

  If your user account administration is dispersed among different departments, you might be looking into centralizing it. This can work, provided you have a trustworthy administrator and separation of duties controls.  Continue Reading

• How to grant local admin rights with Global Policy Objects

  When granting local admin rights, it's important to do it securely. Learn how to use Global Policy Objects and global security groups to do it correctly.  Continue Reading

• Choosing management for Active Directory user provisioning

  Who's in charge of Active Directory user provisioning at your organization? Learn how to choose the most effective user provisioning management method from expert Randall Gamby.  Continue Reading

• How to edit group policy objects to give a user local admin rights

  Giving a user local admin rights to his or her computer alone can be a tricky prospect. In this expert answer, Mike Chapple explains what Group Policy objects can and can't do to make this happen.  Continue Reading

• Should the CTO have domain administrator access?

  Should a CTO or SVP of technology have domain administrator access? In this identity and access management expert response, learn whose job description should include domain administrator privileges.  Continue Reading

• Using batch files for temporary user access to the local admin group

  When a program that many users need to access requires local admin rights to run, what's the best way to manage user privileges? IAM expert Joel Dubin weighs in on how best to manage user accounts.  Continue Reading

• How to conduct an efficient and thorough employee access review

  In order to meet HIPAA and SOX compliance requirements, an employee access review is necessary.  Continue Reading

• How can root and administrator privileges of different systems be delegated on one account?

  In this expert response, Joel Dubin discusses how corporations can manage "superuser" accounts by delegating root and administrator privileges.  Continue Reading

• How to keep personally identifiable information out of access logs

  Are there products available that can hide the internal IP addresses recorded in log files? Maybe not, but in this expert Q&A, Michael Cobb reveals which tools can prevent the transfer of personally identifiable information to third parties.  Continue Reading

• What are the criteria for a strong authentication system?

  In this Q&A, identity management and access control expert, Joel Dubin examines what components are necessary to create any secure authentication system.  Continue Reading

• Risk-based authentication vs. static authentication

  How does risk-based authentication methods differ from static authentication methods? SearchSecurity's resident identity management and access control expert tackles this question in this Ask the Expert Q&A.  Continue Reading

• How to clean up dormant accounts in Active Directory

  Inactive or dormant Active Directory accounts can serve as a gateway for attackers. Learn how to identify and clean up inactive Active Directory accounts in this Identity Management and Access Control Ask the Expert Q&A.  Continue Reading

• How to build a user registration form

  Learn how to build a secure user registration form and some general Web-based system guidelines to guide you through the process.  Continue Reading