Active Directory Security Improvement

Unauthorized access to Active Directory could compromise the security of the whole network. In fact, all permissions and privileges in the network are managed by Active Directory.

One of the most important concerns of IT managers and administrators is to be assured that all servers are configured properly and that the delegation process is controlled and non-invasive. Active Directory itself is, in general, secure, but intentional deeds and unintentional mistakes of IT technicians contribute to breaches of security.

 

 

 

Detailed Auditing of All the Changes in Active Directory

Most breaches of Active Directory security are caused by an insider threat or unintentional activity. Hence, it is of paramount importance to audit and monitor all user activity from the moment each account is created.

Windows built-in tools do not provide a simple, integrated way to trace users' activities. In Borna, all operations needed for logging AD changes have been implemented according to best practices. Some of Borna's auditing capabilities are as follows:

 

  •  Auditing changes in Active Directory, such as creating users, resetting passwords, moving users, etc.

  •  Comprehensive reporting by audit time or user.

  •  Displaying important changes in Dashboard in real time.

  •  Notifying administrators or users of important changes.

 

Reducing Security Risks Caused by Unintentional Mistakes

Careless activities of IT staff can contribute to security issues. For instance, adding users to an unrelated group may give them unnecessary permissions to access sensitive information and perform harmful operations, and enabling users to log on to all computers may allow them to access information they do not need.

Borna has several features which greatly ease the delegation process, as follows:

 

  •  It is possible to make some important fields mandatory in user templates and ensure that a technician fills them in. Moreover, you can set default values for some fields, which is sometimes needed, particularly for security settings.

  •  Borna can restrict users' and technicians' access based on their domain and OU.

  •  Borna can also restrict access to certain objects. For instance, it is possible to prevent a technician from changing group and department members.

  •  Borna provides a very efficient fine-grained permission control for technicians.

  •  Borna can generate comprehensive reports to display all changes executed by users. These details can also be seen in real time.

 

 

Active Directory Cleanup

Over time, objects that are no longer needed, including user and computer accounts, remain in AD. For instance, the HR department may not inform IT staff about an employee who is no longer working in the organization. These unneeded user accounts may cause potential security risks.

The IT department should have a policy to periodically remove all obsolete and unneeded objects. This process is called Active Directory cleanup.

 

Borna makes the cleanup process extremely easy, so that all of these security concerns are eliminated. The following list contains some important features of Borna in the AD cleanup process:

 


  •  By using the Recently Inactive Users report, you can see a list of users who have been inactive for a specified duration (e.g. 30 days) and remove them with a few clicks.

  •  By using the Groups Without Members report, you can remove all unneeded and unused groups.

  •  By using the Last Logged on Based report, you can see a list of unused computers and take the necessary actions.

  •  By using the Users Never Logged on report, you can see a list of all users who have never logged on.

Since these useful reports can directly and indirectly improve the security of your domains, they are referred to as security-related reports.
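
The same four categories of stale objects can be listed for review with the ActiveDirectory PowerShell module. The script below is an added example, not Borna's code or output; the 30-day window follows the example above, and the output folder and CSV file names are assumptions.

```powershell
# Added example: read-only stale-object reports via the ActiveDirectory module (RSAT).
# The 30-day window mirrors the page's example; the output folder is an assumption.
Import-Module ActiveDirectory
$window = New-TimeSpan -Days 30
$cutoff = (Get-Date) - $window
$outDir = Join-Path $env:TEMP 'ad-cleanup'   # assumed location
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Search-ADAccount evaluates lastLogonTimestamp, which is replicated lazily
# (about 14 days of lag by default), so results near the cutoff are approximate.

# 1. Recently inactive users: enabled, have logged on before, but not within the window.
$inactiveUsers = @(Search-ADAccount -AccountInactive -TimeSpan $window -UsersOnly |
    Where-Object { $_.Enabled -and $_.LastLogonDate })

# 2. Unused computers, judged by last logon.
$staleComputers = @(Search-ADAccount -AccountInactive -TimeSpan $window -ComputersOnly)

# 3. Users who never logged on. Accounts newer than the window are skipped so
#    freshly provisioned users are not flagged.
$neverLoggedOn = @(Get-ADUser -LDAPFilter '(!(lastLogonTimestamp=*))' -Properties whenCreated |
    Where-Object { $_.whenCreated -lt $cutoff })

# 4. Groups without members. The member attribute omits primary-group membership
#    (e.g. Domain Users), so groups in use as a primary group are excluded.
$primaryRids = @(Get-ADObject -LDAPFilter '(primaryGroupID=*)' -Properties primaryGroupID |
    Select-Object -ExpandProperty primaryGroupID -Unique)
$emptyGroups = @(Get-ADGroup -LDAPFilter '(!(member=*))' |
    Where-Object { [long]($_.SID.Value.Split('-')[-1]) -notin $primaryRids })

# Write one CSV per report for review; nothing is deleted or disabled here.
$reports = @{
    'inactive-users'  = $inactiveUsers
    'stale-computers' = $staleComputers
    'never-logged-on' = $neverLoggedOn
    'empty-groups'    = $emptyGroups
}
foreach ($name in $reports.Keys) {
    $reports[$name] | Select-Object Name, DistinguishedName, ObjectClass |
        Export-Csv -Path (Join-Path $outDir "$name.csv") -NoTypeInformation
}
```

Built-in groups and service accounts can legitimately appear in these lists, so review each CSV before disabling or removing anything.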