Joe Sent Me. Multi-Factor Authentication for the Roaring 2020s.

Posted by Grant Mongardi on Thu, Dec 08, 2016 @ 10:31 AM

Tags: Security, AD, Centrify, cloud security


In the days of Prohibition getting your Appletini was much more difficult than it ever should be. Foremost was the fact that they didn't exist. Other than that you would need to know where a speakeasy was, have the password ("Joe sent me"), and not be a copper (the law enforcement kind, not the British penny). In fact this was Multi-factor Authentication: something you know, something you have, and something you are (or are-not in this case). NAPC can help you revisit these roaring 20's but for the 2020s, and perhaps help you cut down on your Appletini consumption in the process.

Multi-factor Authentication or "MFA" is one of the buzzwords of 2016. Everyone is saying it, but many people don't quite understand what the mechanism means to their security. It doesn't just protect against the brute-force attacks we've now had in our system logs for years; it also means more elaborate exploits can be mitigated.

Take this year's huge growth in spear-phishing attacks. Some of the largest, most security-conscious corporations and government entities fell prey to spear-phishing attacks that involved advanced social engineering combined with compromised email accounts. For the attacker, access to the victim's email account means that they can first analyze the communications in the victim's inbox, then craft an email interaction masquerading as someone the victim knows and convince them to do something that they wouldn't otherwise do, such as wiring money or sending proprietary information.

Add multi-factor to Windows logins

There are many things you can do to help avoid such a scenario; however, MFA is probably the most effective. If all of your internal and privileged resources are protected by MFA then you've short-circuited the attacker at the outset. If the attacker doesn't have the 2nd factor for your email account login then they can't even get started. It doesn't matter if they have the password; the 2nd factor prevents them from ever using it.

But attacks aren't just limited to email. Cloud services are affected as well. Whether it's your office suite, your CRM suite, or even your accounting solution, you really must protect all of your corporate services. Any little bit of information about your company or internal processes can give a smart attacker a leg-up on how to convince your employees to do something that they probably wouldn't normally do.

Lastly there is what's inside your firewall: people. People have flaws, and mitigating those flaws can make your work an endless nightmare. Many of the things that an employee might do to ruin your weekend aren't necessarily intentional, but nonetheless can make you wish you could crush their skull with a rock. Ok, perhaps that's a bit extreme but the sentiment is similar. Preventing users from being their own worst enemy can extend inside your firewall as well. Adding MFA to servers, desktops, even network hardware will ensure that nobody inadvertently has access to something that they shouldn't. Also, sharing their account information "for convenience" becomes useless. And by adding MFA to a tunable privilege escalation mechanism you ensure that they are both the actual person that they say they are and are allowed to do what they are doing, every time they do it.

Contact NAPC today and we can help you navigate all of these issues and address any concerns you might have with reliable, secure solutions from Centrify. NAPC has the expertise in all of these technologies and experience in addressing all of your issues. Whether you have an audit pending or have had an "event" that you need kept confidential, NAPC can help.

Learn More about securing your Enterprise with MFA  

How to tell if it's Active Directory Integration or just seasonal allergies

Posted by NAPC Marketing on Wed, Jun 04, 2014 @ 10:32 AM

Tags: Active Directory, Centrify, authentication, single sign-on, remote access, file-sharing, monitoring, cloud security


To those of you with runny noses and watery eyes, it will come as no big surprise that it’s allergy season. And, lucky you, if you do have allergies you most likely have more than one. No problem, just take that one big dose (or shot, or drop) that covers them all, right? Sadly, wrong. Treatment for dust mites won’t help for ragweed. Trees and dogs occupy different categories.

Kind of like all those people with their different devices. In this BYOD world we work in, it’s an IT nightmare of different passwords, user names, authentication and security needs. Enough to make eyes water and throats itch. One solution can’t possibly cover all these bases, right? Happily, wrong.

Using Centrify as an “immunity” boost for our existing, familiar Active Directory, our users (PC and Mac) can access a variety of websites from both their desktops and their mobile devices simply by using their existing AD credentials. Centrify also gives them useful tools that allow them to reset their passwords as needed, track the location of their mobile devices, and remote-lock and remote-wipe their mobile devices. One password does it all!

Granting access to these services, while still being able to maintain our privacy (and our customer's privacy) is game changing, but still requires that we keep a vigilant watch on how our internal services interact with our external services. Salesforce, Google, Office365, WebEX, Box, DropBox, Zendesk and many more already support Centrify directly so it's simple to configure them to work with our Active Directory logins. And we don't even need to open ports on our firewall to do it.

Happy users, less-stressed IT people; it’s a beautiful balance that brings tears to my eyes…or it could be allergies.

Rid yourself of bothersome AD integration symptoms! Click here.

We can help- Active Directory

Posted by Rob Pelmas on Tue, Sep 17, 2013 @ 11:59 AM

Tags: AD, Active Directory, Centrify, Unix

I'd like to start a discussion regarding the many offerings we can provide to make your life easier, more productive, and more secure. One area we excel in and can help you out with is Active Directory Integration, Security and Auditing.


Active Directory is wildly popular in the enterprise, and with good reason. It's arguably one of the best products Microsoft has come out with. A single point of entry for new employees, permissions, and security, it's a great way to make sure you know who has access to systems, that password security meets a standard, allows users to be turned on and off centrally, and it 'just works'.


NAPC has partnered for years with Centrify, the leader in non-Windows AD integration. We've been using them for Unix integration since they first came out with their world class solutions, and they just keep getting better. You probably know of us and them from your Xinet server. We also have been doing Mac desktop integration (Centrify leans on us for this expertise when they need implementation!). Check out our video on easy rollout of desktop Macs to get a sense of what can be done, in addition to the basics:

http://www.youtube.com/watch?v=VHrvZiYEZaE


That's just the tip of the iceberg though. Centrify and NAPC can provide data-center-wide services, helping implement AD integration across all your *nix systems. There's a very powerful suite of permissions tools included, so you not only get a stable central authentication structure, you also get an easy way to put 'like' servers into admin groups, and assign rights for users and groups to multiple servers simultaneously. This is tremendously efficient. They have the ability to apply sudo permissions as well in this way, all through an easy, intuitive interface.


On top of this, there's even a great story for Windows servers. Centrify gives reporting capabilities that AD itself doesn't. The suite includes much finer grained abilities to search for idle users, accounts, and machines. We've had people fail SOX audits, and been shown the tool in Centrify that would have caught the exceptions beforehand. And with automated reporting, you can show the auditors you're trapping for this now, and there are no more examples of it. Talk about looking like a hero!


Another example of what can be done is ongoing auditing of systems. You can load a very lightweight client on any Unix or Windows machine that will actually record screen captures of a user's actions. That way, if a system goes down, and an Admin or service provider can't remember exactly what they did, you can watch a video of them typing, mistyping, pushing buttons. This helps you from a SOX auditing standpoint for allowing remote providers in, but also allows you to understand exactly what was done that broke the system. This is hugely powerful, not only to speed up recovery, but also from a training perspective for your admins.


This just breaks the surface of what the tools are capable of. Please feel free to reach out and ask what else can be done, or if you have specific needs, or just feel like you could be doing more on the security and auditing front. Odds are, there's a solution that can address your needs, get you home on time, and sleeping soundly!


Deploy Macs Quickly and Simply With Centrify

Posted by Grant Mongardi on Wed, May 22, 2013 @ 01:56 PM

Tags: Centrify, Unix, Linux, IT, Macs, DirectControl, Windows


You're struggling with Mac deployments and wasting your valuable time fine-tuning the user experience on every Mac you release. You're sick of running around to desktops just to change minor settings like DNS, proxies, or background images. Who has the time?

Thanks to Centrify, you can deploy your Macs simply, quickly, and cheaply with a modicum of effort and the ability to easily customize the end user experience all with a single OSX image file, all from the comfort of your desktop. 



You can easily manipulate the users' look and feel based on the role of the machine, so a kiosk would look different from a laptop or a desktop. This all happens after deployment, meaning the look and feel changes all happen after the users log into their respective Macs.

Watch the video for the full rundown of how Centrify will make your life a lot easier when deploying Macs. There's much more to learn about Centrify on our site! 

 

Bam! How Centrify Makes Mac IT Work Easier

Posted by Grant Mongardi on Tue, May 21, 2013 @ 02:58 PM

Tags: Centrify, Unix, Linux, IT, Macs, DirectControl, Windows


Working in IT presents a variety of challenges, especially when you're on a Mac. Whether it's running out of licenses because your Mac users never release them or needing to manage recordable devices because of oversight by some regulatory committee, Centrify can save you a lot of time and headaches. Just like that - bam!


 

Centrify has a very low cost desktop version that allows you to control rights on Apple computers. Part of that is the ability to easily roll out dozens of new machines with minimal work. It's a common need, and we've a way of doing it no one else has. Centrify's DirectControl for Mac allows for joining Macs to AD and applying REAL Microsoft policy using Microsoft's Policy Management MMC. Stop trying to pass off configuration management as policy, and then spending hours explaining it to your auditor.

That's just the tip of the iceberg with Centrify, where you can:

- Create accurate, robust and customizable reports on everything AD.
- Deploy, manage, control and customize your Mac desktops.
- Manage your mobile devices and control your BYOD (bring your own device) devices.
- Realize all of your Single-Sign-On (SSO) desires.
- Manage user privilege on Windows, Linux and Unix systems.
- Monitor, record and audit user activity on Windows, Linux and Unix.

So when you're working in IT, there's no need to get that sinking feeling that your Mac will give you more hurdles and obstacles than you have time for. Centrify can make management and control problems go away with a bam!