tag:blogger.com,1999:blog-16858284849277202372011-11-03T23:36:02.691-07:00Former Microsoft Active Directory Security Program Manager's blog on Active Directory SecurityWebmasternoreply@blogger.comBlogger31100tag:blogger.com,1999:blog-1685828484927720237.post-13490107917113996402011-06-20T01:02:00.000-07:002011-07-07T14:43:41.163-07:00Folks,<br /><br />If you're interested in the important area of Active Directory Security, you may wish to consider joining the <a href="http://www.linkedin.com/groups?gid=2006946">Active Directory Security Professionals Group</a> on LinkedIn.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://www.linkedin.com/groups?gid=2006946"><img border="0" src="http://2.bp.blogspot.com/-6VW2HHHwH9Q/Tf7-AIq-WzI/AAAAAAAAAD0/wgJqS1D1ti4/s1600/AdSecPro.png" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div>Today, its 400+ members include highly proficient IT personnel all of whom have a keen interest in this exiiting area of Windows and IT security, and many of whom are highly experienced IT administrators and security architects at some of the most prominent organizations in the world.<br /><br />Some of the organizations represented include Microsoft, Hewlett Packard, Siemens, Paramount Defenses, the U.S. Department of Homeland Security and others. <br /><br />Membership is free, and you're welcome to join&nbsp;and learn from other esteemed colleagues.<br /><br />Best wishes,<br />Sanjay<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1685828484927720237-1349010791711399640?l=www.active-directory-security.com' alt='' /></div>Sanjaynoreply@blogger.com0tag:blogger.com,1999:blog-1685828484927720237.post-10558651769856732872011-06-19T12:38:00.000-07:002011-06-20T00:20:23.614-07:00Folks, <br /><br />In my humble opinion, Active Directory Security is the <em>Final Frontier </em>of Security*<br /><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-fdAdO7XBKC8/Tf5Ln47ZPHI/AAAAAAAAADI/3jJPc6hE8ZM/s1600/USS_Enterprise_NCC-1701-A.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="156" src="http://3.bp.blogspot.com/-fdAdO7XBKC8/Tf5Ln47ZPHI/AAAAAAAAADI/3jJPc6hE8ZM/s400/USS_Enterprise_NCC-1701-A.png" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"></div>(*Nothing's final, but its vital enough to be deemed almost final for the next few years.)<br /><br />I say so because, after all, from the U.S. White House to the Fortune 1000, at the very security foundation of virtually every organization in the world lies the Active Directory. <br /><br />It is the very foundation of security because the very building blocks of security - accounts, passwords, groups, security policies etc. are all stored, managed and protected, in Active Directory.<br /><br />Should someone be able to compromise an organization's Active Directory, the entirety of all other security protection controls in place, from VPNs to firewalls and from anti-virus protection to auditing systems, could be rendered moot, useless and worthless. <br /><br />Ove the coming weeks, via this <a href="http://www.active-directory-security.com/">blog</a>, and <a href="http://www.identitysecurityandaccessblog.com/">other avenues</a>, I'll share helpful thoughts on this vital subject. Also, because this is a public blog, no sensitive information will be shared on this blog.<br /><br />Sensitive information will only be shared with folks whose identity has been authenticated, via the <a href="http://www.paramountdefenses.com/newsletter.html">Vantage Point</a>.<br /><br />Thanks, and stay tuned.<br /><br />Best wishes,<br />Sanjay<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1685828484927720237-1055865176985673287?l=www.active-directory-security.com' alt='' /></div>Sanjaynoreply@blogger.com0tag:blogger.com,1999:blog-1685828484927720237.post-58375165728446314072011-06-18T02:42:00.000-07:002011-06-18T03:48:54.423-07:00Folks, <br /><br />I'm <a href="http://www.sanjaytandon.com/">Sanjay</a>, former Microsoft Program Manager for <a href="http://www.activedirsec.org/">Active Directory Security</a>, and now CEO of <a href="http://www.paramountdefenses.com/">Paramount Defenses</a>, a valued Microsoft partner.<br /><br />If you've ever delegated authority or provisioned access in Active Directory, or read Microsoft's <a href="http://www.microsoft.com/downloads/en/details.aspx?FamilyID=631747a3-79e1-48fa-9730-dae7c0a1d6d3">official whitepaper</a> on delegation or its <a href="http://www.microsoft.com/download/en/details.aspx?id=16755">official</a> Active Directory Security whitepaper, of if you've used <a href="http://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx">fine-grained password policies</a> in Windows Server 2008, or used <a href="http://www.microsoft.com/download/en/details.aspx?displaylang=en&amp;id=19288">dsrevoke</a> (... the list is long), you've come across my work. <br /><br />For five years, I worked for Microsoft, first as Program Manger for Active Directory Security on the Windows Server Development Team, and then as a Risk Assessor on the Threat and Risk Assessment Team with Microsoft IT. Before leaving Microsoft, I also performed an <a href="http://www.paramountdefenses.com/services_security_assessments.html">Active Directory Risk Assessment</a> of Microsoft's global Active Directory deployment.<br /><br />After moving on from Microsoft in 2005, I established Paramount Defenses Inc, a valued Microsoft partner, where I architected <a href="http://www.paramountdefenses.com/goldfinger.html">Gold Finger</a>, the world's first and only accurate <a href="http://www.paramountdefenses.com/goldfinger_accuracy.html">Active Directory resultant-access assessment</a> solution.<br /><br />Today the <a href="http://www.paramountdefenses.com/goldfinger_overview_endorsement.html">Microsoft-endorsed</a> Gold Finger, powered by patent-pending technology is deployed at over 4000 organizations in 70 countries. Perhaps that's because Gold Finger uniquely addresses arguably the most serious of <a href="http://www.paramountdefenses.com/goldfinger_risk_mitigation.html">Active Directory security risks</a>, i.e. the exploitation of unauthorized access in Active Directory.<br /><br />Over the years, I've had the opportunity to work with some of the <a href="http://www.microsoft.com/presspass/exec/charney/">brightest minds</a> in the industry, and to have interacted with 1000s of IT administrators from around the world. I've also spoken at <a href="http://findarticles.com/p/articles/mi_pwwi/is_200412/ai_n8562248/">various conferences</a> (e.g. Microsoft TechEd) and reviewed several products from numerous vendors in this space. <br /><br />I generally share my perspectives over at the <a href="http://www.identitysecurityandaccessblog.com/">Identity, Security and Access Blog</a>, and via <a href="http://www.paramountdefenses.com/newsletter.html">Vantage Point</a>, PD's newsletter, but they're not very technical in nature as they're not for a 100% technical audience. However, after repeated requests from many of our customers, I've established this blog to share some technical stuff on Active Directory Security.<br /><br />Via this blog, I intend to shed light on the most vital aspects of Active Directory. As PD's CEO, time is my most valuable resource, so while I certainly will not be blogging regularly, when I do, I'll try to make each entry be as valuable as possible. <br /><br />You're welcome to tune in.<br />Best wishes,<br />Sanjay<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1685828484927720237-5837516572844631407?l=www.active-directory-security.com' alt='' /></div>Sanjaynoreply@blogger.com0