Security Basics mailing list archives

Re: Access Management on file shares and client-server apps
From: krymson () gmail com
Date: Mon, 14 Nov 2011 20:06:16 GMT

Including "desktop client-server applications" may confuse the issue quite a bit. I'll read this as: You want to find a 
way to audit and maybe track changes to permissions settings on Microsoft folders. (I'll ignore share permissions, 
since share permissions should just be open and NTFS is where you should be explicit; but that itself is an arguable 
viewpoint...)

It's been years since I used it, but I always liked ScriptLogic's Enterprise Security Reporter. It should be able to 
scan a folder location, interrogate the NTFS permissions, and generate a nice report that tells you all the effective 
permissions. I can't comment on how it tracks changes.

If you're good about managing NTFS permissions properly by never assigning explicit AD *user accounts* permissions to 
folders and instead only assigning AD *groups* (that users are members of) to folders, you could get away with just 
interrogating AD groups and memberships. At that point you'll be looking at Active Directory change management/audit 
tools that tell you when new groups are made and when those groups are modified with new or removed users (or track 
user changes similarly).



<- snip ->

We are currently assessing our access management on file shares
(Windows, Active Directory) and desktop client-server applications.
Currently, tracking of access tasks such as granted or revoked is
registered on an Excel sheet which obviously doesn't guarantee accurate
status of who holds access to a given folder or if someone was
revoked access over the last week.
Our process to assign permissions for our applications is similarly
managed for our client-server user applications.
I guess we are looking for a solution to keep track of changes in
folder shares in Active Directory and in our (exe) applications more
than a full enterprise identity access management solution. Is there
such level of solution? Or we have to give a big step into enterprise
level identity solution? What features should we look into a solution
to address these tasks?

Thank you for your advice

M.
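
The groups-only NTFS practice and the change tracking discussed in this thread can be checked with built-in tooling. The script below is an added example, not part of either message and not the product mentioned above: it snapshots explicit NTFS ACEs under a share root, flags ACEs granted directly to AD user accounts, and diffs the result against the previous snapshot. It assumes the RSAT ActiveDirectory module is installed; `$Root`, `$OutDir` and `Get-PrincipalClass` are hypothetical names.

```powershell
# Assumptions: RSAT ActiveDirectory module present; $Root and $OutDir are hypothetical.
Import-Module ActiveDirectory
$Root    = '\\fileserver\dept'   # hypothetical share root
$OutDir  = 'C:\AclAudit'         # hypothetical folder holding CSV snapshots
$Stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$SidType = [System.Security.Principal.SecurityIdentifier]
$NtType  = [System.Security.Principal.NTAccount]

$classCache = @{}                # SID -> AD objectClass, avoids repeated lookups
function Get-PrincipalClass([string]$Sid) {
    if (-not $classCache.ContainsKey($Sid)) {
        $obj = Get-ADObject -Filter "objectSid -eq '$Sid'" -ErrorAction SilentlyContinue
        $classCache[$Sid] = if ($obj) { $obj.ObjectClass } else { 'unknown' }
    }
    $classCache[$Sid]
}

$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)
$rows = foreach ($folder in $folders) {
    $acl = Get-Acl -LiteralPath $folder.FullName
    # Explicit (non-inherited) ACEs only, with identities returned as SIDs
    foreach ($ace in $acl.GetAccessRules($true, $false, $SidType)) {
        $sid  = $ace.IdentityReference.Value
        $name = try { $ace.IdentityReference.Translate($NtType).Value }
                catch { $sid }   # orphaned SID: keep the raw value
        [pscustomobject]@{
            Path     = $folder.FullName
            Identity = $name
            Class    = Get-PrincipalClass $sid
            Type     = $ace.AccessControlType
            Rights   = $ace.FileSystemRights
        }
    }
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$previous = Get-ChildItem -Path $OutDir -Filter 'acl-*.csv' | Sort-Object Name | Select-Object -Last 1
$current  = Join-Path $OutDir "acl-$Stamp.csv"
$rows | Export-Csv -Path $current -NoTypeInformation

# ACEs granted directly to user accounts break the groups-only practice
$rows | Where-Object Class -eq 'user' | Format-Table Path, Identity, Rights -AutoSize

# Drift since the previous snapshot: '=>' is a new ACE, '<=' a removed one
if ($previous) {
    Compare-Object (Import-Csv $previous.FullName) (Import-Csv $current) `
        -Property Path, Identity, Type, Rights | Sort-Object Path | Format-Table -AutoSize
}
```

Principals that are not in the directory (local accounts on the file server, orphaned SIDs) are reported with class `unknown` and deserve a manual look.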
