Loading
BAYOOSOFT
  • Management Solutions
    • IT-Security
      • Access Manager
      • gpg4o
    • MedTech
      • Reinventing Technical Documentation
      • Risk Manager
      • MEDiLEX
    • Telesolutions
      • HospiX
  • About us
    • BAYOOSOFT
      • Software Made in Germany
      • The Co-thinker Team
      • Contact Us
    • News & Events
      • News
      • Events
    • BAYOONET Group
      • BAYOOTEC
      • BAYOOMED
  • Jobs & Career
  • Shop
  • Search
  • Menu

The hidden danger of manual authorization assignments

Fast, unbureaucratic and uncomplicated – this is how the assignment of rights in the system seems to proceed when it is carried out manually by administrators. It is obvious that this makes it difficult to implement the need-to-know principle. In practice, however, more and more extensive authorizations accumulate over time, and not all of them are needed. But that is not all. In addition to the effort involved in manual administration and the historically grown authorizations, there is another problem: undocumented AD groups created by hackers.

This is exactly where Access Manager steps in and offers a way to put a stop to growing permissions and malicious AD groups through automatic SET-ACTUAL matching. We will explain why it is not enough to manually document changes and remove them yourself.

Security gaps due to manual authorization assignments

In recent Exchange hacker attacks, one of the attack tactics is often the creation of new AD groups that gain access to the file servers. This gives hackers access to secret elements. Especially the manual assignment of permissions makes it difficult for an admin to recognize which changes were made from the outside and which from the inside. Accordingly, it can take a long time to identify which groups belong to the “bad guys”. Valuable time is wasted in this process, during which vast amounts of sensitive data can be tapped. Another countermeasure would of course be to temporarily paralyze everything, but the disadvantages of such an action should be obvious. And after these measures, in the end it is still not clear from where exactly the rights and groups came and who inserted them. This means that effectively closing the security gap in order to prevent future attacks in the long term will be costly and complicated.

How the Access Manager works

With the Access Manager, this vulnerability is eliminated. The automatic SET-ACTUAL comparison detects AD groups and not only deletes them directly, but also creates detailed documentation. This makes AD groups easily traceable and closes security gaps. This effectively prevents further damage.

Access Manager positions itself as the primary data source of the authorization system. All changes that have been stored in the Access Manager and set by means of a workflow are finally implemented in the system. All other AD groups and permissions are removed, extensively audited, and can be thoroughly investigated and tracked with comprehensive reports, even after the fact.

Flexibility despite security

However, if you wish to set up access rights directly, this is possible. Portals for administrators and direct authorization assignments are also available within the Access Manager. The TARGET-ACTUAL comparison can be triggered here immediately and the desired right can be implemented in the system immediately – as a primary data source, traceable and secure.

What are AD groups?

Active Directory groups are used to collect user accounts, computer accounts, and other groups into manageable units. Working with groups instead of individual users simplifies network maintenance and management.

Learn more now

To learn more about the TARGET-ACTUAL comparison and the advantages of the Access Manager, we cordially invite you to an individual product presentation. Simply fill out the form below.

Arrange individual product presentation now
Folgen Sie uns schon?
  • Share on Facebook
  • Share on WhatsApp
  • Share on LinkedIn
  • Share by Mail

Latest News

  • BAYOOSOFT @ MEDICA 202231. October 2022 - 19:09
  • Ein:e Ärtz:in sitzt vor einem Tablet und hat ein Stethoskop um den HalsClinical evaluation according to MDR5. October 2022 - 14:31
  • Header Bild, Bildschirm mit Schloss-SymbolEmail encryption – Which method is the most secure?13. May 2022 - 14:23
Contacts at BAYOOSOFT 

Svenja Winkler
CEO
[email protected]

 

 

Franziska Weiß
Head of Sales
[email protected]

Darmstadt
Lise-Meitner-Straße 10
64293 Darmstadt

Munich
Aidenbachstraße 54
81379 München

Berlin 
Mariendorfer Damm 1-3
12099 Berlin

Contact: [email protected]
Jobs: [email protected]
Press: [email protected]

Phone: +49 (0) 6151 – 86 18 – 0
Fax: +49 (0) 6151 – 86 18 – 150

Contact support
  • Privacy Policy
  • Legal
Quality management systems – Requirements and certification according... Validation of computer-based systems and software: how to make the process ...
Scroll to top