Active Directory User Logon Logoff Security

[Category: Systems (Windows) | Published by 店小二03 | Date: 2016 | Author: 红领巾]

So you want to control Active Directory (AD) user access in a more granular way than native Windows Group Policy allows? You want to restrict users from accessing the network based on criteria you specify? And you want to be alerted to any other suspicious logon activity, crucially before that activity becomes a serious problem?

You're absolutely right. This type of logon/logoff security is no longer just a concern for highly regulated industries that need to meet compliance requirements. It matters to any organization at risk of a security breach that stems from compromised AD user accounts.

As Ovum's On-The-Radar review put it: “UserLock blocks unauthorized users from gaining access to enterprise assets, and by improving the organization's security posture, reduces the risk of external and internal security breaches.”

Extend Active Directory User Logon Logoff Security

UserLock gives network administrators a way to control all authenticated user sessions:

If an AD user account is stolen, access to the network from the compromised account is denied automatically whenever it breaks the access rules defined for that account (for example, a logon from an unexpected machine or outside permitted hours). Careless user behavior is covered as well: UserLock renders password sharing useless and secures logged-in workstations left unattended. By helping to verify an authenticated user's claimed identity, UserLock lets all access be attributed to an individual user. This discourages malicious activity and provides a comprehensive audit trail of all session history and access attempts.

And it does this with simple, non-disruptive technology that works alongside Microsoft Active Directory to extend logon security, not to replace or overwrite it.

UserLock is a client-server application that audits and controls different types of user access connections. It implements its authorization functionality on top of Microsoft Active Directory authentication and relies on micro-agents installed on the monitored machines.


Non Disruptive Technology

With UserLock, no modifications are made to Active Directory or its schema.

Fast Implementation

UserLock can be hosted on any member server of the domain and is managed remotely from workstations or through a web console anywhere on the network.

Fast Agent Deployment

A micro-agent is deployed automatically (or manually, if preferred) on all machines. Once installed, every access connection is detected and saved in the UserLock database.

Across All Session Types

UserLock offers several agent types, one for each kind of session it has to monitor (workstation, terminal, Wi-Fi and VPN, and IIS).

How does UserLock work?

The user enters their credentials to log on or to establish a connection to the domain network. These credentials are verified against Active Directory. If authentication fails, Windows refuses the connection and UserLock does not intervene; the agent does, however, notify the UserLock server of the logon failure so that it is available for reporting.

If authentication succeeds, the UserLock agent transmits to the UserLock server all information about the context of the requested connection. The server processes and analyzes this data to check the access control rules, trigger any alerts, refresh session information and save the connection event in the database. It then communicates its decision, accepting or refusing the requested connection, back to the agent.


Audited User Logon Logoff Data

UserLock records and reports on every session access event. When a domain user connects to the network, the UserLock agent transmits a set of data to the server. This set includes:

Connection event type: logon, reconnection, disconnection, logoff, lock, unlock
Connection type requested: workstation, terminal, Wi-Fi, VPN, IIS
The user: domain, username
The source: machine or device name, IP address

This information is retrieved by the agent itself when the user submits the connection event, and sent encrypted to the UserLock server, which determines the time of the connection request and saves everything in its database. All user connection information from agent hosts is thus collected and stored centrally.

Real-Time Access Controls to AD User Logons

All data audited at the moment of an attempted connection is analyzed to check whether the user requesting the connection is subject to access control rules. Transparent to the user, these controls help verify the authenticated user's claimed identity, protecting against unauthorized access and compromised credentials.

Defined for a user account, a user group and/or an organizational unit of users, the rules allow or deny a connection requested by a domain user account. UserLock then transmits this decision to the agent on the relevant system.


Access security is not a one-time activity. Restrictions should be evaluated and revised periodically so that improvements can be implemented. User access control rules can be modified at any time for a user or a group, or a temporary rule can be created to define an exception for a particular user. All changes are applied in real time and take effect immediately.

Number of Initial Access Points

UserLock can analyze the sequence of an AD user's logon connections to determine whether a session is a new point of entry to the network or a connection performed from an existing session.

A new point of entry is considered the initial access point for the user initiating the connection. Limiting the number of initial access points to one ensures that the user cannot open a session from a second location.


Number of Concurrent AD User Sessions allowed

The limit on concurrent sessions can be used together with the limit on initial access points to define how many sessions, and of which types (workstation, terminal, Wi-Fi/VPN and IIS), an AD user can open from the same initial access point.

Control AD User Logon access by origin (location)

Define and manage the workstations/terminals, IP ranges and session types from which a user, group or organizational unit may log on; for example, to allow a user to connect only from a specific machine.

Control AD User Logon access by time

The ‘Hour restrictions’ section lets you define, by session type, the periods during which users can or cannot log on to the network; for example, to prevent connections outside certain hours.

Control AD User Logon access by time quota

A connection time quota sets the maximum time a user may be connected to the network during a recurring period (day, week, month and so on) for the specified session types.

Automatic Logoff of Idle AD User Sessions

To deal with unattended workstations, UserLock can automatically log off sessions after a specified idle time. Every session of the user account is closed once that idle period elapses.
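The decision flow described under "How does UserLock work?", the audited data set, and the per-user rules in this section (initial access points, concurrent sessions per type, origin and hour restrictions) can be modelled as a small rules engine. The Python below is an added example written for this page; it is not UserLock's own code. The rule field names, the session-tracking scheme (a workstation logon opens a new point of entry; any other session type from a host where the user already has a session inherits that session's entry point) and the sample events are all assumptions made for illustration. Time quotas and idle logoff are not modelled.

```python
# Added example: a toy model of the agent/server decision flow, not UserLock code.
from dataclasses import dataclass, field
from datetime import datetime, time, timedelta
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Event:  # what an agent reports for one connection event
    kind: str          # logon, reconnection, disconnection, logoff, lock, unlock
    session_type: str  # workstation, terminal, wifi_vpn, iis
    user: str          # DOMAIN\username
    source: str        # machine or device name
    ip: str
    at: datetime       # timestamp assigned by the server on receipt


@dataclass
class Rule:  # restrictions for a user, group or OU (field names are assumed)
    max_initial_access_points: int = 1
    max_sessions: dict = field(default_factory=dict)  # session_type -> limit
    allowed_sources: frozenset = frozenset()          # machine names; empty = any
    allowed_networks: tuple = ()                      # ip_network objects; empty = any
    hours: dict = field(default_factory=dict)         # session_type -> (start, end)


@dataclass(frozen=True)
class Session:
    session_type: str
    source: str
    entry_point: str  # host that is this session's initial access point


class Server:
    def __init__(self, rule):
        self.rule, self.sessions, self.log = rule, {}, []  # sessions: user -> [Session]

    def entry_point_for(self, user, ev):
        # A workstation logon is a new point of entry; any other session type opened from
        # a host where the user already has a session inherits its entry point (assumption).
        if ev.session_type != "workstation":
            for s in self.sessions.get(user, []):
                if s.source == ev.source:
                    return s.entry_point
        return ev.source

    def check(self, user, ev):
        """None when the connection is allowed, otherwise the reason for refusal."""
        r, open_ = self.rule, self.sessions.get(user, [])
        if r.allowed_sources and ev.source not in r.allowed_sources:
            return f"origin {ev.source} not permitted"
        if r.allowed_networks and not any(ip_address(ev.ip) in n for n in r.allowed_networks):
            return f"address {ev.ip} outside permitted range"
        window = r.hours.get(ev.session_type)
        if window and not (window[0] <= ev.at.time() < window[1]):
            return f"{ev.session_type} logon outside permitted hours"
        limit = r.max_sessions.get(ev.session_type)
        if limit is not None and sum(s.session_type == ev.session_type for s in open_) >= limit:
            return f"{ev.session_type} session limit {limit} reached"
        points = {s.entry_point for s in open_}
        if self.entry_point_for(user, ev) not in points and len(points) >= r.max_initial_access_points:
            return "initial access point limit reached"
        return None

    def handle(self, ev):
        """Process one agent notification; return the (decision, reason) sent back to it."""
        open_, decision, reason = self.sessions.setdefault(ev.user, []), "recorded", None
        if ev.kind in ("logon", "reconnection"):
            reason = self.check(ev.user, ev)
            decision = "refused" if reason else "authorized"
            if reason is None:
                open_.append(Session(ev.session_type, ev.source, self.entry_point_for(ev.user, ev)))
        elif ev.kind in ("logoff", "disconnection"):
            open_[:] = [s for s in open_
                        if not (s.source == ev.source and s.session_type == ev.session_type)]
        # lock / unlock fall through: audited only, the session stays open
        self.log.append((ev, decision, reason))  # every event is kept for reporting
        return decision, reason


def demo():
    # Constructed events for one user (sample data, not a real log).
    rule = Rule(max_sessions={"terminal": 1}, allowed_networks=(ip_network("10.0.0.0/8"),),
                hours={"workstation": (time(7, 0), time(19, 0))})
    srv, u, t0 = Server(rule), "CORP\\alice", datetime(2016, 3, 1, 9, 0)
    def mins(m): return t0 + timedelta(minutes=m)
    events = [
        Event("logon", "workstation", u, "WS01", "10.0.1.10", t0),
        Event("logon", "terminal", u, "WS01", "10.0.1.10", mins(5)),       # from existing session
        Event("logon", "workstation", u, "WS02", "10.0.1.11", mins(10)),   # second entry point
        Event("logon", "terminal", u, "WS01", "10.0.1.10", mins(15)),      # over the terminal limit
        Event("logon", "wifi_vpn", u, "LAPTOP", "203.0.113.5", mins(20)),  # outside the IP range
        Event("lock", "workstation", u, "WS01", "10.0.1.10", mins(30)),
        Event("logoff", "workstation", u, "WS01", "10.0.1.10", mins(8 * 60)),
        Event("logon", "workstation", u, "WS01", "10.0.1.10", mins(11 * 60)),  # 20:00, outside hours
    ]
    return [srv.handle(e) for e in events]


if __name__ == "__main__":
    for decision, reason in demo():
        print(decision, reason or "")
```

Running it prints the server's decision and reason for each event: the terminal session opened from the workstation where the user is already logged on is authorized, the workstation logon from WS02 is refused because the initial access point limit is one, the second terminal session exceeds its per-type limit, the VPN connection from 203.0.113.5 falls outside the permitted range, and the 20:00 workstation logon is outside the hour window. The lock and logoff events are only recorded. Checks run in the order origin, network, hours, per-type limit, initial access points, so the first failing rule is the one reported.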

Alerts for defined AD logon events

The user rules also include alert notifications for defined connection events. Two types of alert can be defined: pop-up messages and email messages.

The data audited during the connection, whatever the decision taken (authorized, refused or failed), are analyzed and compared against the criteria of aler

Source: http://www.codesec.net/view/484893.html

