Category: Security

A humble definition of Active Directory security, some best practices and market standards to increase the security, and some models which will help on this task.

AD Security Boundary

0 (Zero) Admin Model

Posted on by Vicente Posted in Active Directory, Delegation Model, SecurityLeave a Comment on 0 (Zero) Admin Model

A crazy idea? 0 (Zero) Admin Model in your production environment? Personally, I don’t think is crazy. First thing to check when running a security audit, is the number of privileged users. Remember that a privileged user is a member of either Enterprise Admins, Domain Admins or Administrators group. The fact is that more members these groups have, the less […]

Read More
Least Privileged Access

Least Privileged Access

Posted on by Vicente Posted in Active Directory, Delegation Model, Security Tagged , , , Leave a Comment on Least Privileged Access

Why 7 if we can do it with 3 Least privileged access is to have nothing more than the permissions you need to complete your task. Every time I get to a new customer, and I need administrative access to the environment, I just get Domain Admin. We could justify this action by going into my background… The years of […]

Read More
SemiPrivileged_overview

Privileged and Semi-Privileged Users

Posted on by Vicente Posted in Active Directory, Security Tagged , , Leave a Comment on Privileged and Semi-Privileged Users

Naming chaos… name things by their names. One of the most common issues I find when chatting to my customers and colleagues, is understanding things the same way. We all been in a situation where we know something by one name, but our colleague from another region (or country) call it differently. Well, on IT this happens all the time. […]

Read More
Segregation Of Duties

Segregation of Duties

Posted on by Vicente Posted in Active Directory, Security Tagged , , Leave a Comment on Segregation of Duties

Segregation of Duties on a globalized culture? Segregation word might be understand as a negative word. When administering IT systems, we DO have to segregate everything… segregate, divide, categorize, organize and so on. So segregation of Duties is a good IT topic. As Occam’s Razors says, “the simplest solution is almost always the best.”, and this is true meanwhile we […]

Read More

Logical Perimetral Security

Posted on by Vicente Posted in Active Directory, AD Tier Model, Security Tagged , , Leave a Comment on Logical Perimetral Security

Old physical concept transformed into new Logical technology When I was first hired on a Fortune500 company, my colleagues from the networking team were heavily involved into something they called “Perimetral Security”. It took me just a snap to realize the concept (Logical Perimetral Security), which by the way, it was very clever. The main idea of this concept was […]

Read More

Active Directory Paradigm

Posted on by Vicente Posted in Active Directory, AD Tier Model, Delegation Model, Security Tagged , , , , , Leave a Comment on Active Directory Paradigm

Active Directory Paradigm Blog Merriam-Webster defines Paradigm as “an outstandingly clear or typical example or archetype. Regard science as the paradigm of true knowledge”. And this is exactly what Active Directory Paradigm blog is about. Of course this is not the ultimate AD post, but in my humble opinion, is a very good approach on how to design, implement & […]

Read More