Implement Password Policy Compliance Monitoring and Leverage Important Enhancements to Active Directory and LDAP Auditing with StealthINTERCEPT 6.1

Implement Password Policy Compliance Monitoring and Leverage Important Enhancements to Active Directory and LDAP Auditing with StealthINTERCEPT 6.1

There are two functional areas of Active Directory management and security that every organization struggles with; one is changing their password policies and the other is identifying the source of LDAP traffic. StealthINTERCEPT efficiently addresses both of these challenges in Version 6.1.

Password Pain? How to Improve Your Password Policy

The NIST 800-63B password guidelines walk back almost two decades of guidance about how companies should approach password security.  And the reality is, not every company is ready to embrace changes to existing password policies to bring them into line with NIST. Regardless of the changes made to a company’s password policy, it always seems to result in increased calls to the help desk and a lot of frustrated users.

I have sat in the room as some brave sole suggests changing the password policy and is given a dunce cap and told to stand in the corner while they think about what they have said.

The real problem is that there is no way to know how much disruption would be caused by a change to the password policy.  But what if you could have a trial run?   What if you could test a stronger policy that is more like the NIST guidelines over a 3,6, or 9 month period to see how many users would have had a failed a password change due to the new policy?

Imagine implementing a stronger policy across the organization in a passive fashion where the policy is not enforced, but any failure to comply is logged.  With this knowledge, you could perform broad or targeted user education prior to actually changing and enforcing a new policy, allowing you to anticipate and minimize business disruptions.

I know it sounds too good to be true, but in StealthINTERCEPT 6.1, your dreams become reality!  I think this new feature is going to be a big help, and one that customers will really like.

LDAP Auditing without the Headache

Something less toxic than password policy changes (but perhaps just as daunting to think about) is LDAP traffic analysis.

We all know applications generate a large amount of LDAP traffic, which can dramatically affect AD performance. Active Directory Admins often struggle when trying to understand how much applications affect Active Directory performance, but also if planned AD changes could inadvertently affect application performance.

While this headache is not as painful as anticipating the whining about password policy changes, one peek at LDAP traffic usually has administrators scratching their head as to:

  • Why is application X is running the exact same query thousands of times per second?
  • How is a query that has so many results valuable to an application?
  • Why is a query that has no results run so often by an application?
  • It is unbelievable how inefficient this query actually is!
  • Which applications are still using unencrypted LDAP queries?

While it is technically possible to do LDAP traffic analysis using native logging to identify and reduce unencrypted traffic or applications targeting a single Domain Controller, it is often a time consuming and manual process – if you can get it working.

LDAP auditing is not a new feature in StealthINTERCEPT, but we made a number of enhancements to improve your ability to answer these questions around LDAP traffic in your environment in v6.1, including:

  • Secure LDAP Queries – StealthINTERCEPT now supports LDAPS, as well as Kerberos Sign and Seal detection
  • Query Run Time – You can now filter queries that have a run time above or below a given threshold to identify inefficient queries
  • Enhanced User and Computer Filtering – StealthINTERCEPT’s LDAP query filter has been enhanced to reduce unnecessary activity
  • Exclude Query – Users can now apply exclusion filters based on the search string or search base/base DN of the search

Of course, we made lots of other great enhancements to this latest version of StealthINTERCEPT.  To learn more about StealthINTERCEPT 6.1, request a free trial or demo or contact your account representative or STEALTHbits Support to upgrade today!

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Start a Free StealthAUDIT® Trial!

No risk. No obligation.