Meeting the InCommon Assurance profile criteria using Active Directory

[David Walker <>]

Fine with me.

David

On Wed, 2013-07-10 at 18:38 +0000, Ann West wrote:
>     Hi All,
>     
>     
>     Is it appropriate to loop Brett into our discussion and discuss his questions on an upcoming meeting?
>     
>     
>     Ann
>     
>     
>     
>     
>     From: Brett Bieber <>
>     Reply-To: Brett Bieber <>
>     Date: Wednesday, July 10, 2013 12:32 PM
>     To: Ann West <>
>     Subject: AD monitoring for failure codes and insecure protocols
>     
>     
>     
>     Hi Ann,
>     
>     
>     I'm hoping you can put me in contact with someone looking at the AD alternative means. I'm looking for assistance identifying the proper event codes from the domain controller security logs.
>     
>     
>     My suspicion is that any institution that is not willing to shut down the insecure AD protocols will need to take the approach Chicago has taken, e.g. monitor and remediate. I'm hoping that we can come to consensus on all the AD event codes to monitor, and perhaps some standard monitoring scripts via powershell or Splunk etc to pull those events out and then perform the appropriate IAQ degradation actions.
>     
>     
>     Thanks for any info you could provide.
>     
>     
>     -- 
>     Brett Bieber
>     University of Nebraska-Lincoln