Meeting the InCommon Assurance profile criteria using Active Directory

["Rank, Mark" <>]

... or Ron ... ;)

Mark

--------------------------------------------------

Mark Rank
Project Manager - Identity & Access Mgt

UCSF Information Technology Services (ITS)
email:

phn:414-331-1476

--------------------------------------------------

---

From: [] on behalf of Ron Thielen []
Sent: Wednesday, July 10, 2013 11:43 AM
To:
Subject: [AD-Assurance] RE: AD monitoring for failure codes and insecure protocols

I actually sent Brett my PowerShell scripts, flowchart, and event type info a little later yesterday afternoon.

 

Ron

 

From: [mailto:] On Behalf Of Ann West
Sent: Wednesday, July 10, 2013 1:38 PM
To:
Subject: [AD-Assurance] FW: AD monitoring for failure codes and insecure protocols

 

Hi All,

 

Is it appropriate to loop Brett into our discussion and discuss his questions on an upcoming meeting?

 

Ann

 

 

From: Brett Bieber <>
Reply-To: Brett Bieber <>
Date: Wednesday, July 10, 2013 12:32 PM
To: Ann West <>
Subject: AD monitoring for failure codes and insecure protocols

 

Hi Ann,

I'm hoping you can put me in contact with someone looking at the AD alternative means. I'm looking for assistance identifying the proper event codes from the domain controller security logs.

My suspicion is that any institution that is not willing to shut down the insecure AD protocols will need to take the approach Chicago has taken, e.g. monitor and remediate. I'm hoping that we can come to consensus on all the AD event codes to monitor, and perhaps some standard monitoring scripts via powershell or Splunk etc to pull those events out and then perform the appropriate IAQ degradation actions.

 

Thanks for any info you could provide.

 

--
Brett Bieber
University of Nebraska-Lincoln