|
Protecting Active Directory from Intrusion
Replication is the core process driving Active Directory's distributed architecture.
It ensures that critical information stored in the directory replicates
throughout the system, making it readily available to those who need it,
where and when they need it.
Some real risks come with all the benefits achieved through
replication, however. Perpetrators can subvert the system to gain access
to critical Configuration and Schema naming contexts (NCs). Once they
gain that access, they can then make changes to the NCs and use replication
to transmit those changes. So, in cases when an Active Directory administrator,
or any user who gains access to the network, decides to maliciously attack
the system, replication can become a vector of their attack.
Ensuring the security of Active Directory and the information
and resources it contains, requires steadfast auditing and protection. Enter
DirectoryLockdown, the only solution available to help protect
the directory from "rogue administrators" who assume the rights of highly
trusted enterprise administrators in an attempt to subvert the system.
View Active Directory security breaches across your entire enterprise
from a central console
Count on DirectoryLockdown to:
- Reduce the security risks associated with domain administrators acting
maliciously.
- Reduce the security risks associated with domain administrators operating
at remote or regional locations.
- Alert administrators to the possible corruption of Configuration and
Schema information so that the corruption can be stopped in its tracks.
- Help network management maintain awareness and control of the Active
Directory system, despite the presence of rogue administrators and administration
models that utilize regional management of Active Directory.
Key Features:
- Monitors objects in the Configuration and Schema NCs on DCs 24x7
- Detects unauthorized changes to Configuration and Schema NCs on DCs
- Alerts network management when a modification to the Configuration or
Schema NC occurs on a DC
- Prevents the replication to and from the comprised DC by quarantining
it
- Monitors domain controllers and sends alerts when they are unexpectedly
taken offline
- Offers flexible response options: (1) Complete response and (2) Alert-Only
response
- Includes a recovery utility to quickly restore a downed DC
- Integrates with MOM (Management Pack) and HP OpenView Operations for
Windows (Smartlink)
|
