Insights From Thought Leaders Around The Globe
The digital identities of modern enterprises exist in a dynamic environment. Read thought leadership from experts worldwide regarding the constantly changing global IT environment and insights for keeping up with growing demands, and securing against escalating threats and vulnerabilities.
A colleague here at Semperis recently looped me into a conversation with the manager of a large Active Directory environment running on Windows Server 2008 R2. With end of support for Windows Server 2008 and 2008 R2 coming up soon (officially January 14, 2020), planning is well underway for upgrade of the company’s forest and … Read More
Request for Comments (RFC) 1823 from August 1995 introduced the Lightweight Directory Access Protocol (LDAP) Application Programming Interface (API). One could argue that this important work served as the foundation for modern identity management. And yet, surprisingly, the word identity does not appear even once in the entire RFC. (The word directory shows up fourteen times and the word access appears … Read More
In part 1 of this blog post, I talked about the threat that DCShadow poses to organizations that use Microsoft Active Directory (AD). Here in part 2, I’ll talk about steps you can take to protect your organization. (Quick recap: DCShadow is a feature of the Mimikatz post-exploitation tool that attackers use to silently create … Read More
Information protection consists of three pillars: confidentiality, integrity and availability. Hybrid Identity is no different; the three pillars still apply. However, availability is hard for Azure AD Connect. As a key link in the Hybrid Identity chain, it should be the focus, but not the only focus. High availability for Azure AD Connect explained About … Read More
If you’ve been following this blog, you know that about 2 and half years ago, I started talking about Group Policy’s precarious role in the typical enterprise’s security posture. Many, if not most, AD shops use GP to perform security hardening on their Windows desktops and servers. This includes everything from tweaking OS settings to … Read More
Following a 10-year stint in virtualization technologies, I joined Semperis and dove into the world of Active Directory. Over the last three years, which included some of the most vicious malware attacks ever documented, I think I have finally come up to speed on this part of the IAM world. Here are a couple of … Read More
Keeping directory sync in sync with security best practices With Azure AD Connect, synchronizing directory data from on-premises Active Directory to Azure AD is both easy and efficient. But is it possible to have too much of a good thing? Security best practices limit sharing to a strict need-to-know basis. However, Azure AD Connect synchronizes … Read More
Should you upgrade your existing AD forest to Windows Server 2016 Active Directory (aka AD 2016), or should you leave it where it is? Despite the focus and activity around adopting cloud services today, the fact remains that Active Directory continues to underpin it all. In addition to longstanding dominance as the on-premises identity source, … Read More
Keeping your cloud-based IT infrastructure secure is a constant effort. The people who want access to your data are always working on ways they can get in, so both you and Microsoft need to be working on ways to keep them out. Microsoft is aware of this responsibility, and since you are reading this blog … Read More
