ADAudit Plus helps in a secured gateway communication, allowing servers to communicate using HTTPS protocol. Since corporations deal with confidential data, it is essential that the HTTPS protocol is in place. When you choose secured communication, ADAudit Plus chooses HTTPS ports over insecure ports. The appropriate changes need to be made to the firewall to only allow HTTPS port and disable the other ports. The ADAudit Plus console thoroughly validates all inputs in the GUI. Usage of special characters and HTML code are filtered, and the application is guarded against common attacks like SQL injections, cross-site scripting, Cross site request forgery (CSRF), buffer overflows and other attacks. A secure HTTPS connection and the SSL certificates help in preventing MITM attacks by placing an overcoat of encryption to the data exchanged. This secure connection can be used to forward logs to your SIEM solution to prevent possible exploits. Also, ADAudit Plus allows users to use secure connections(SSL/TLS) while configuring SMS/mail servers, NetApp and EMC storage.
For an added layer of security over HTTPS, ADAudit Plus provides for a certificate based encryption between machines in the network. Users can import third party SSL certificates in ADAudit Plus which encrypts all data transferred between clients and servers. This rules out the possibility of an intercepting attack. Even if an attacker gains intermediate access, he wouldn't be able to make much of the information without the key to decrypt it. However, communication might not be secure post expiry of certificates.
As ADAudit Plus is a complete agentless solution and does not use any proprietary technique, standard Windows ports need to be opened for event log collection. This includes the standard RPC, WMI, SMB ports and a few dynamic ports used for communication. All other ports can be disallowed thereby strengthening security.
ADAudit Plus supports two methods of authentication – Active Directory authentication and ADAudit Plus authentication. Users can log on using their AD credentials or credentials created via ADAudit Plus.ADAudit Plus provides a lockout policy to protect ADAudit Plus users against brute force attacks. For AD authentication, the pre-defined AD policies become applicable.
ADAudit Plus uses the AES 256-bit algorithm for encrypting passwords when storing them in the PostgreSQL database. This ensures that password information always stays secure.
With the increase in software applications, each with their own authentication and password complexity levels, it becomes very difficult to remember all the passwords. Active Directory's authentication and capabilities can be extended to ADAudit Plus letting users log on with their AD credentials. The database constantly synchronizes with the directory, and is automatically updated whenever users are added or removed in AD. This will greatly minimize the risk of unauthorized users accessing ADAudit Plus' web interface. The scope of authorization for users is dealt with in "Role Based administration".
In mid-size and larger networks, it is unlikely for a single person to manage the entire systems administration. ADAudit Plus helps overcome this concern using its 'Role Based Administration' module. This 'Role Based Control' feature not only helps the administrator share his work but also adds an additional layer of network security by restricting access of systems only to authorized personnel. Tailor-made roles such as Guest, Technician, Auditor, etc. can be created and given customized access permissions (read, write, no access, full control) based on your requirement.
ADAudit Plus needs access to Windows Event Viewer to read and collect logged data in order to process logs into graphs and reports. ADAudit Plus collects logs only if the account associated with it is authorized to do so. This data is then encrypted and communicated securely. Additionally, ADAudit Plus supports LDAP over SSL (LDAPS) certificates for secure communication of Active Directory data.
Certain networks are kept totally disconnected from the internet to be capsuled from hacks. ADAudit Plus supports auditing of servers residing in DMZs provided the RPC secure ports are kept open. This ensures that all events in your network are collected and reported on, including servers in DMZs.
ADAudit Plus uses TLS/SSL to provide secure communication on the internet for email notifications. Its also employs the HTTPS protocol for SMS notifications. This way the information cannot be intercepted by hackers and stands to enhance overall network security.