Welcome to Dirteam.com/ActiveDir.org Blogs Sign in | Join | Help
 
 
in Search

Browse by Tags

All Tags » Active Director... » Security
Showing page 1 of 2 (14 total posts)
  • Security Thoughts: Pass the Hash and other Credential Theft

    Although we’ve seen presentations on Pass the Hash attacks for years, now is a good time to actually make good on that New Year’s resolution to start hardening your Active Directory environment against these, and other related attacks. Roughly six months ago, Patrick Jungles, a Security Program Manager working with Microsoft’s Trustworthy ...
  • Common Challenges when Managing Active Directory Domain Services, Part 1: Security

    In many organizations Active Directory Domain Services is the top tier in access management. Access to systems, information and connections, often, is governed by information in Active Directory. User objects and computer objects play a big role in this model, since they represent actual physical objects within the organization. Now, not every ...
  • Best Practices for Securing Active Directory

    Today, Microsoft has released a document, detailing the Best Practices for Securing Active Directory Domain Services. The document contains 22 best practice recommendations to assist organizations in enhancing the security of their Active Directory installations. By implementing these recommendations, organizations will be able to identify and ...
  • Kerberos and non-standard port number

    Kerberos in Windows Operating System is around for about 10 years and it is still causing problems and for many people it is like black magic voodoo. In most cases organizations and people in it are not aware that it is now working until it problem will occur on a surface with some application not working or reports not being displayed on MOSS web ...
    Posted to Tomek's DS World (Weblog) by tomek on December 20, 2009
  • userPassword

    One of my friends PFE has asked me a question regarding userPassword attribute in directory which was related to some behavior he was observing in customer environment. We had a little chat about it and then I thought that maybe other has such questions as well so … here’s a topic for a blog.  Behavior my friend was observing was related to ...
    Posted to Tomek's DS World (Weblog) by tomek on November 22, 2009
  • Where to put SSL certificate for LDAP …

    Protecting LDAP traffic with SSL is a good idea, especially if in network environment some applications are (ab)using LDAP as authentication protocol. Some explanation of abusing word – LDAP never was designed as authentication protocol (like Kerberos is). Its name states it clear “DIRECTORY ACCESS PROTOCOL”. However because it is simple to use ...
    Posted to Tomek's DS World (Weblog) by tomek on June 17, 2009
  • DNS server security problem

    Most of you have probably read new (published few days ago) security advisory with number 935964 published by Microsoft. For those who haven't read it I think it is worth to take a look as this is about security problem in DNS service, which is quite common in Microsoft directory services world. Flaw in this service allows attacker to remotely ...
    Posted to Tomek's DS World (Weblog) by tomek on April 16, 2007
  • Schema extensions for Vista new features

    Vista introduces several new functionality and few of then (to be specific two) requires our AD environment to get prepared through schema extension. These schema extension needed to run new Vista's features will be part of LH schema, but LH is still somewhere behind the horizon and we have to take care about it by ourselves. Two new ...
    Posted to Tomek's DS World (Weblog) by tomek on December 4, 2006
  • Auditing directory changes aka "Who deleted this object"

    Some question were raised by few peoples about directory object auditing - mostly in a context of question "Who deleted the object?" - so I've decided to give this topic a little space. Windows 2000\2003 provides us with auditing mechanism which can be used also to track changes for Active Directory objects. Probably this isn't ...
    Posted to Tomek's DS World (Weblog) by tomek on September 21, 2006
  • Apache and kerberos authentication within AD domain

    I was asked lately to check some things connected with authentication users accessing Apache based web-site against AD. It is quite simple but requires some configuration so I’ve gathered things all together and here is is – how to make Apache web server authenticating users against AD using mod_auth_kerb module. Here’s a ...
    Posted to Tomek's DS World (Weblog) by tomek on August 6, 2006
1 2 Next >
Powered by Community Server (Personal Edition), by Telligent Systems