Active Directory


Active Directory® is one of the most commonly used authentication mechanisms for Windows systems. Later versions support lightweight directory access protocol (LDAP) and LDAP over SSL for directory loading. Kerberos and NTLM are common options for authentication. Since Active Directory capabilities are so common in the corporate environment and standards are available to interface with other systems, this is a good choice. However, any LDAP directory service should work. There are two common approaches to Active Directory integration.

One method synchronizes directory information periodically, looking for additions and deletions. A copy of the directory entries is stored in the vulnerability management database for quick reference to access privileges. This is the most common and compatible approach that will use LDAP. Usually, special credentials have to be created to log into the directory system and retrieve the basic information about the users. Using LDAP also affords the system the option of portability to other directory services platforms. Later, when a user attempts to log into the vulnerability management system, the credentials supplied by the user are sent to the authentication system using NTLM or Kerberos. Once the credentials are accepted, the vulnerability management system will apply the privileges stored in the vulnerability management database for that user. A second approach is to natively integrate with Active Directory using the Active Directory in Application Mode (AD/AM) capability that comes with Windows .NetTM Server 2003. This enables the vulnerability management application to have its own instance of a directory service with schema extensions and built-in attributes but still participate in the security structure of the Active Directory domain. Naturally, the services that support this capability must run on a Microsoft-technologybased server. This provides a tightly integrated directory product for Microsoft-directory-committed organizations. A significant advantage of this approach is that Active Directory groups can be used to grant privileges in the vulnerability management system rather than creating an internal set of roles or user groups. The disadvantage is that you may be committed to the Active Directory platform.

Legal Disclaimer

Our website is not responsible for the information contained by this article. Webworldarticles.com is a free articles resource thus practically any visitor can submit an article. However if you notice any copyrighted material, please contact us and we will remove the article(s) in discussion right away.


This article was sent to us by: Minish Omba at 10242009

Related Articles

1. Quantum Cryptography
This paper will cover the field of quantum cryptography. Quantum cryptography is a method of securing information that has reached its time. Until now, any information ...

2. Data Security Solutions
Seclore: Information Rights management (IRM) Company, data protection & control, file security, document Rights Management & ERM Solutions provider ...

3. How to Prevent Data Loss
After one too many bad experiences of waking up to files mysteriously disappearing, I now know better than to throw caution to the wind. This doesn’t mean I&rsquo...

4. Data Conversion, Data Format and Data Entry
In this competitive world, data processing and storage of data in multiple formats is the essence of all great undertakings. It is the accessibility of the data whenever ne...

5. VPN Service (Virtual Private Network): Stay Anonymous Online And Surf The Web Securely
VPN Services will help you to feel safe while suffering the Internet. You have a full access to the Internet, which could not be sniffed by anyone - hackers, hotspot owners...

6. Ways to Secure Your Laptop: Tips and software
Introduction The sure to way to make your laptop secure is to never use them, never bring them with you, never open them nor install soft...

7. Tips for extra password security
Using password programs is one of the best things you can do to protect yourself against password theft. However, even using the most secure password manager can leave you ...

8. The advantages of using Internet password storage
It can be tough to remember one Internet password. However, most people have dozens of Internet passwords, and since security experts recommend avoiding overlap between pas...

9. Virtual Scanners
Active scanners that are created using virtual machine technology generally follow the same strategy as physical machines with some minor differences. Virtual machines can ...