IT Disciplines of an Identity & Access Management Expert

The field of identity and access management is considered a small, specialized niche in the world of IT. Some would speculate that this is because of the very complex nature of the applications we deploy to an enterprise. Although that may be true, it goes far beyond just the complexity of the specific applications we work with. A true identity and access management expert must be knowledgeable across many IT disciplines, because the products we architect and implement are entire solutions rather than single-purpose applications. Let me provide some examples of the typical IT disciplines covered during a deployment:

Gathering enterprise requirements: The expert must be well versed in enterprise architecture, security, networking, hardware, and multiple operating systems. This is crucial, as they will propose the best suite of products based upon the client's requirements and the current state of the enterprise architecture. The expert must consider things as simple as who the primary user base is, and more complex questions such as what hardware will be required based on expected application load. This phase determines both the tempo of the project and its success. Lest we forget, the expert must also play the roles of project manager, technical writer and business analyst. Any well-rounded expert can explain identity and access management plans and concepts to the client in simple, no-nonsense terms, but also deliver highly technical documents to the various IT departments that the project will affect. In addition, a precise project plan needs to be delivered to the client to stay on task and on budget.

Tivoli Directory Integrator – On Multiple Entries

Tivoli Directory Integrator (TDI) is a pretty neat tool that comes packaged with IBM Tivoli Identity Manager (ITIM). TDI comes out of the box with a multitude of connectors that are used to, as the name says, connect to different sources. One of the most common business processes where TDI is used is to extract data, transform the data and then load the data into a different data source (ETL). For example, it is common to use TDI to extract Human Resources data and, using a DSML connector, send the data over to the ITIM application for processing.

One of the main considerations when extracting data from different sources is the data itself: the data values, relationships and attributes do not always exist as advertised.

For example: the process pulls the employee information from SAP and then does a lookup to Active Directory using the employee number. Active Directory is only supposed to have one entry for each employee. “Supposed to” is the key phrase. In some cases, there are multiple AD accounts for one employee.

Internet Enable your Applications using WebSEAL with Active Directory Authentication

Let’s say you have a set of applications you use within your organization that you want to make available for access from the Internet. Let’s further say you want remote users to log in using their Active Directory credentials. That way, there is no additional password maintenance to worry about – for users or for support staff.

Sounds great, but can you pull it off without exposing your organization to the countless threats lurking out there on the Internet?

In most cases, it can be achieved with minimal risk to your systems and applications. Furthermore, PathMaker can help you design and deploy a solution, as well as help you analyze your applications and infrastructure for potential vulnerabilities.

Web SSO vs. Enterprise SSO – What do I need?

So your organization has decided it needs to get a handle on managing the passwords for end users. A single sign-on product is a great way to achieve that. Now the question becomes: which product do I need? While the names may be similar, there is a big difference between Enterprise SSO and Web SSO.

Enterprise SSO (ESSO) is designed (as the name implies) to provide single sign-on to practically all the applications an end user would need. This includes web apps, Windows executables (thick clients), Java apps and mainframe/terminal emulator (green-screen) apps. It works in a non-intrusive way by capturing the user ID and password for the application when the user logs in. The next time the application is launched, ESSO will detect it and automatically enter the credentials on the user’s behalf and log them in. It can also be programmed to handle password changes (e.g. first-time temporary passwords, 90-day password expiration). An executable is installed on the end user’s desktop, and profiles are created to recognize the login and password-change screens for an application so the agent can respond to them. Since no changes are made to the applications, this provides a relatively quick and encompassing way to provide SSO to most apps a user would have.

Email Attacks and Hate Mail Response: Recognizing When You Need to Hire an Incident Response Expert

Many people who use email think that their true identity and location are anonymous. Hidden behind their supposed “cloak of anonymity,” these people may sometimes lash out at their employers, colleagues, political adversaries, ex-lovers, and so on. Thankfully, there are a number of identity management services that can help to reveal the identity of the person who sent you a threatening message.

If you receive an email that is of a threatening or illegal nature, it’s not difficult to initiate an enquiry leading directly to the person involved for appropriate actions by authorities. Here is a look at how the specialists at PathMaker Group can handle your situation:

Forensic Expertise

The key to finding out who is responsible for sending a threatening message is the technical knowledge that incident response experts have about the inner workings of electronic mail. By examining the Internet headers of a particular email, our incident response experts can identify the exact source of the message.

Using IBM Tivoli Identity Manager to recertify Active Directory Groups

It’s audit time and you’re responsible for recertifying approximately 75 Active Directory groups, each with a membership of about 10 to 30 people. An email needs to be sent to every manager for them to confirm that each person still needs to be a member of the group. You have to provide information to the auditors to confirm that each person in each of these groups has been verified. Before you can send out the verification requests to the managers, you have to confirm that each Active Directory account has the correct contact information and manager information for the person. All this has to be done in the next 30 days.

What are you going to do?  Book an early tee time!

How is this possible?

An Overview of Digital Forensics and Electronic Discovery

Digital forensics and electronic discovery involve the collection and analysis of electronically stored data. Together, these two fields of electronic security cover the entire digital information spectrum. To find out more about what each one is and when or why you may want to hire an investigative team to perform digital forensics and electronic discovery procedures for your company, continue reading this article.

What is digital forensics?

Digital forensics entails the thorough examination of electronic storage devices. In the process, electronic systems investigators identify, collect, maintain, and analyze the data stored on an electronic device. After doing so, they produce results based on their analyses that are defensible enough to be upheld in a court of law. Deleted, damaged, and encrypted files are all included in the analysis and the data explained in the results.

What is electronic discovery?

Electronic discovery, or e-discovery, is the process of gathering electronic data so that it is readily available and can be stored on a variety of electronic storage devices. This data is gathered and stored via:

  • Information and identity management.
  • Collection and preservation of all data.

When good e-discovery practices are employed at a company, e-discovery records can be sent to a team of digital forensics investigators for:

  • Processing, analysis, review, and presentation of results.

When are these processes necessary?

Electronic discovery should be practiced by any company that stores sensitive data and records that are crucial to future business. Digital forensics should be employed when a company needs to draw on its performance history to justify a decision made in the present, as well as whenever a company is facing legal action. A forensics team can ensure the files and digital history stored on your computer that support your case will provide you with valid courtroom evidence.

Are you a Dallas-based business owner who is looking for services in the field of electronic security and identity? If so, call PathMaker Group at (817) 704-3644 and ask about our electronic discovery, digital forensics, and identity management services today!


Using IBM DataPower XI50 Appliance to Secure XML-based Web Services

Congratulations!!! Your IT organization, and more importantly your company, now enjoys the benefits of Service Oriented Architecture (SOA). These benefits include return on investment, code mobility and maintenance, agility, improved scalability and high availability. But along with these rewards come some disadvantages, including degradation of application server performance and increased security concerns and risks. The XML-based Web Services in use in your enterprise easily expose back-end systems to customers and partners. Your Web Services pass through your enterprise network firewall and are based upon SOAP, XML and HTTP. These all combine to introduce new threats and security exposures within your enterprise infrastructure. These new types of threats include the following:

  • XML Denial of Service
    • Slowing down or disabling a Web Service so that service requests are hampered or denied
  • Unauthorized Access
    • Gaining unauthorized access to a Web Service or its data
  • Data Integrity and Confidentiality
    • Data integrity attacks of Web Service requests, responses or underlying databases
  • System Compromise
    • Corrupting the Web Service itself or the servers that host its

Identity Management in Higher Education

Introduction

Technology plays a crucial role in the universities and institutions where students, alumni, faculty, and staff depend on high-tech services and tools to study, live, work, and play. As these institutions embrace the Internet for student services, administrative systems, research projects, self-service, and profile management, online security is at a premium. Users must feel protected for web channels to grow and enhance the user experience. At the same time, compliance mandates have become more complex and university breaches more numerous, both of which threaten the institution’s assets and brand name. Institutions that cannot meet this security demand will suffer.

PathMaker Group can help prepare educational institutions for these challenges by developing solutions for:

– Centralizing application access control.
– Providing strong, multi-factor authentication.
– Providing sophisticated real-time risk analysis and access prevention based on events and rules.
– Automating routine account management activities.
– Meeting regulatory requirements for reporting and attestation.
– Enabling new modes of inter-campus interactions.
– Protecting user identity data with a secure, scalable and highly available infrastructure.
– Bridging islands of user identity information across a variety of infrastructures.

Addressing NIST’s New Risk Management Framework

The National Institute of Standards and Technology (NIST) created a series of publications that provide guidance for federal agencies on the implementation, certification and accreditation of federal information system security. The same guidelines hold true for all commercial agencies/companies as well.

So the question that comes to mind is: what is NIST’s new Risk Management Framework? NIST describes the RMF model as a series of six repeating steps designed to identify the security mechanisms necessary for an IT system, implement those protections, and validate their proper operation over the system’s lifecycle.
