RE: Active Directory Management and Identity Access Management

["Valin, Christian" <Christian.Valin () ncogroup com>]

Dave,

My two cents:

I'm guessing that you are ramping up for SAS-70 reporting/auditing.
For audit reports you might be served well enough by HYENA; very
inexpensive so try it and see if those reports can do the job for you.

But as for "Identity Access Management".. if you go down the product
line, like down the CA line of products, bring a wheel barrow of cash
and don't expect it to be working over-night.
That will be a more long-term project for you.

If I'm right in guessing you are preparing for yet another SAS-70  or
SOX audit, I'd focus on demonstrating your internal audit process and
proving that you do perform routine internal audits as often as your
company claims.

Christian


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Dave Wolf
Sent: Monday, May 02, 2011 6:36 PM
To: security-basics () securityfocus com
Subject: Active Directory Management and Identity Access Management

Hi Everyone,

I'm looking for a product(s) that can help me with my current and future
audit requirements.  I've been using NetIQ's Directory and Resource
Management software recently, and it just isn't up to snuff any more.
It's not very user-friendly, and has a tendency to fail on me more often
than my patience can handle.

I'm looking for a product that can generate custom reports about any,
and all, Active Directory information.  Examples of specific reports I
need are: user group membership lists, last logon, password last
changed, expired accounts, disabled accounts, locked accounts, groups
with "Managed By" listed and corresponding user, list security
permissions for users, etc.

I'm also looking for an Identity Access Management solution that can
provide business level access reports, i.e. giving the business owner of
a file share control over who has access to their files.

For Identity Access Management, I've looked at Courion's Compliance
Manager and a few CA Technologies products (as I also want to move
towards a solid Role-Based Access Control method).  But I don't really
know of any other software besides NetIQ that can provide me the
customizable AD reports that I want.

Do any of you have any product suggestions or recommendations for the
solutions I need?

Thank You!

Dave






------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an
SSL certificate.  We look at how SSL works, how it benefits your company
and how your customers can tell if a site is secure. You will find out
how to test, purchase, install and use a thawte Digital Certificate on
your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------