“Our vision for security is to create a world where there is greater trust — where people and organizations can use a range of devices to be more reliably and securely connected to the information, services and people that matter most to them.” - Bill...

Vendor selection is critical in IT business. I still remember an old story when I joint big blue family last Century: a wise advice was spread among IT decision makers globally: “You will never be fired if you buy from IBM”. It had worked for a...

There was no much exciting news at RSA2007. I think I need to write a few things down here or otherwise I will no longer remember them: - Information Centric Security: The information is the king. However, the king can not live in a castle all the...

I reviewed CLM Beta 1 half year ago and rated it low. Now, CLM Beta 2 is ready for prime time and I'm going to deploy it in production environment. I've seen a lot of improvements in Beta 2 so many cons in Beta 1 are removed. Base CSP Smart Card support...

Active Directory Federation Service (ADFS) is a component of Active Directory released as part of Windows Server 2003 R2. ADFS v1 can be used in various B2B/B2E/B2C Web Single Sign On and Identity Federation scenarios. Pros: - Enable Federated SSO...

I attended 2006 Microsoft EE & TwC Forum recently and tried to find out if there is any relationship between IAM and TwC. It is interesting that TwC (Trustworthy Computing) has Identity and Access Control as a grand child. At top level, TwC has...

IAM is a combination of processes, technologies, and policies enabled by software to manage digital identities in their lifecycle and specify how they are used to access resources. IAM is a superset of AAA (Authentication, Authorization, Auditing)*. Here...

Identity & Access Management is an expensive investment in IT. Here are some tips to reduce Total Cost of Ownership: Follow the rule of economy of scale - If more people use the same solution, the unit cost of the solution will decrease. Therefore...

Authentication is the procedure through which a user or a device or a service (or application) provides sufficient credentials to satisfy access requirements to another service, application, or system. User Authentication Strategy: · Prepare and...

Authorization (or establishment or entitlement) defines a user's (or process') rights and permissions to a resource. After a user (or process) is authenticated, authorization determines what that user can do to the resource. Here are some authorization...

Auditing (also referred as Audit or Accounting or Accountability) ensures that the activities associated with user access are logged for monitoring, regulatory and investigative purposes. Auditing Strategies for IAM to be compliance: Identify...

Every time I told a friend I got an IT security job, I was always asked a similar question "Do you catch hackers or virus?". Of course, the popularity of the Internet definitely puts external threats and attacks on enterprise IT security's radar. However...

With right IAM solutions, your business can increase employee's productivity (or avoid the loss) significantly. Before you look into IAM solutions, you should identify major factors impacting employee's productivity in your business. Some common factors...

You can use IAM solutions to help demonstrating regulatory compliance such as SOX Section 404 and 302, HIPPA, GLB, Basel II Capital Accord, FDA 21-CFR-11, HSPD-12, EU Privacy Directive, PIPEDA, and LSF. SOX: There are many SOX compliance tools and...

Some of most popular authentication protocols and standards are: · KERBEROS v5: Kerberos is an open standard for distributed systems authentication ( RFC 1510 ). It relies on shared secret (or password) authentication by users to an authentication...

Micorsoft IT has implemented several internal IAM solutions and here is a list of links. Enabling Cross-Forest Identity Management with Microsoft Identity Integration Server 2003: http://www.microsoft.com/technet/itsolutions/msit/deploy/cfimwiis...

BMC IdM for .NET offers a suite of solutions in .NET environment including workflow, directory management, audit, self service, password management, Web single sign-on, and federation. Pros: - Automated HR driven provisioning - Role based access...

This is a Microsoft centric end to end B2E IAM architecture diagram. Most products are provided by Microsoft. Yellow areas form an IAM system and dependancies are in green. Identity & Access Management Architecture - B2E Microsoft Centric

A major new feature in MIIS SP2 is Q/A (question/answer) based password reset self service. The password management application has 4 UI compoments on top of MIIS SP2: User Registration, Password Self Reset, Password Helpdesk Reset, and Admin. Pros...

This is a sample WMI script to retrieve password change history for a specific account through MIIS. You just need to run it on MIIS server with MA name, domain name and account name as parameters. Option Explicit On Error Resume Next Dim Service...

One of group management solutions is part of Microsoft Identity and Access Management Series and you can download from: http://www.microsoft.com/downloads/details.aspx?FamilyId=794571E9-0926-4C59-BFA9-B4BFE54D8DD8&displaylang=en or http://www.microsoft...

If no product is available (or satisfies your needs) in the marketplace, you may have to build something yourself. Currenlt, I am unable to post my own custom IT IAM solutions (such as group management, remote access management, smart card management...

This script queries capicom com object to get cert expiration date. Capicom.dll must be installed and registered in order to run this script. If you need additional cert info, you can just add more CAPICOM Cert object properties to my sample code. ...

Of all the contenders here, MIIS (Microsoft Identity Integration Server) 2003 stands out in two ways. First, it's by far the cheapest, at least at first glance (more on that later). Second, it's unique in leveraging several features of Windows, as well...

A typical physical access control system is made up of following components: - ID Credential - Door Reader - Door Lock - Control Panel - Access Control Server - Software - Database The access control process begins when a user...