Learn With Me: Specops

choubertsprojects

The Best WordPress plugins!

1. WP Reset

2. WP 301 Redirects

3. WP Force SSL

Specops is a new concept coming to life and it’s not just another app that helps you learn more about technology. This platform uses blockchain-powered incentives to create an open community of learners, mentors and experts who can help improve one another’s skillsets. It also allows users to earn tokens by completing tasks or activities on the platform like answering knowledge questions or writing code snippets.

The “specops password auditor” is a free tool that allows users to see the passwords of their websites. Specops is a security tool that helps you find out if your website has been compromised.

Learn With Me: Specops

Welcome back to the ATA Learn with Me series on using Specops to safely manage Active Directory (AD) credentials! If you’ve missed any of the prior posts, you can catch up right here. Today, and in our last piece in this series, we’ll look at Specops’ Secure Service Desk solution, which enables service desks securely identify users.


Agents must know who they’re talking to whether a user needs to change their password, unlock their computer, or ask a service desk agent to do anything else. A service desk representative must validate a caller’s identification rather than accepting the person’s word for it on the other end of the line. Specops Secure Service Desk is the place to go.

Secure Service Desk is a solution designed to rapidly and securely identify a person so that they can get to what matters most, allowing users to be more productive.

Check out the review video that goes along with this article if you want to learn more about Secure Service Desk.

 

Secure Service Desk’s Multi-Factor Authentication Strategy

In every password reset procedure, authenticating user requests to change passwords is a key step. An organization cannot just trust the requestor’s word for it, or even try to identify the requestor’s voice on a phone call or face on a video conference. Deep fakes created by AI are almost indistinguishable from the actual thing.

A user seeking permission to reset a password may be authenticated in a variety of ways. Multi-factor authentication is one of the most secure methods to identify a person (MFA). MFA uses three fundamental characteristics to securely identify users.

  • Something that a person is aware of, such as a password or PIN.
  • Have – A tangible device, such as a smartphone with an authentication app or a key fob.
  • Are – Something that identifies a person, such as a fingerprint or iris scan.

Organizations that utilize a technology like Secure Service Desk to help users through registering each (or a combination) of these traits ahead of time may deliver a secure password reset experience utilizing user identification whenever the need arises.

MFA services are available via Secure Service Desk not just for end users but also for Secure Service Desk administrators.

Workflow for Password Reset and Architecture

Secure Service Desk is part of the Specops Authentication ecosystem, and its main purpose is to provide a secure means to identify and authenticate users. The fundamental architecture of where Secure Service Desk falls within the Specops umbrella of products may be seen below.

When a user has to reset their password (or conduct any other operation that requires authentication), they all utilize Secure Service Desk in the same way.

  1. Send a request to the support desk for a password reset or computer unlock.
  2. The service desk performs a user identification job based on the user’s registered identity service, such as an SMS code, Questions with a Twist, the Authenticator by Google app, or even a Facebook login!
  3. The user enters the necessary personal information.
  4. The user’s request is assisted by the support desk representative.

https://specopssoft.com/support/secure-service-desk/overview.htmhttps://specopssoft.com/support/secure-service-desk/overview.htm

What you may not see is how Secure Service Desk fits into your existing environment. Rather of creating their own protocol or storage mechanism, Specops opted for simplicity and relied on your on-premise AD.

The simplicity of all Specops goods appeals to me. They each tend to specialize on a single use case and adhere to it. Unnecessary elements that seem to have been tacked on will not be found. Instead, you just receive the features that you need.

Users Are Authenticated in a Secure Service Desk

Let’s imagine Joe User has to reset his Active Directory password, and his company has Specops Secure Service Desk installed. Joe calls the service department and asks for his password to be reset as soon as possible.

The service desk representative opens Secure Service Desk, which has a user-friendly interface like the one shown below, and starts the verification procedure.

Joe has nine distinct methods to validate himself, as you can see!

  • Message sent through text (SMS code)
  • Email for business
  • Emails sent to individuals
  • Duo
  • PingID
  • Authenticator by Google
  • Identification of the Manager
  • Questions with a Twist
  • Windows Authentication

Users Are Authenticated in a Secure Service DeskUsers Are Authenticated in a Secure Service Desk

Secure Service Desk employs an identity service weighing system that requires the service desk agent to validate Joe using one or more identification methods, according on your organization’s wishes. Each identification service has a desired “weight” depending on the amount of stars granted to it, as shown below.

identity services have a preferred "weight" based on the number of stars assigned to each. The amount of stars granted to each identification service determines its chosen “weight.”

For example, if Joe can authenticate with his fingerprint, that ID method is considered secure and is the only method he needs to authenticate. If he doesn’t have that method set up, he can have a code sent to his email and answer some Questions with a Twist, for example, that combined each add up to the required three stars.

Specops provides a mobile software called Specops Fingerprint that can authenticate users using Touch ID or Face ID on iOS or the Fingerprint API scan functionality in Android v6+ devices.

Joe’s company has set a policy for him, requiring the service desk representative who authenticates him to use specified identification services.

Secure Service Desk Policies from Specops

For all of you IT and InfoSec professionals out there, no product would be complete without a fantastic administrative experience! Secure Service Desk has an easy-to-use interface for assigning essential settings to Secure Service Desk administrators.

Only Secure Service Desk agents are subject to Secure Service Desk rules. Other parts of the Specops Authentication ecosystem create user-based regulations.

Secure Service Desk administrators may be assigned a limited number of policies. You may, for example, require Secure Service Desk administrators to authenticate the identity of users before they can help, depending on how tight your organization’s regulations are.

Below is a policy option that prevents Secure Service Desk agents from resetting a user’s password unless the user can authenticate themselves first. Some companies may not favor this alternative, for example, if a user was unable to properly enroll in identity services.

Secure Service Desk agents are required to identify themselves. Secure Service Desk agents are required to identify themselves.

You may also block Secure Service Desk agents from establishing passwords for users as an extra degree of protection. Instead of enabling Secure Service Desk personnel to reset passwords directly, you may create a policy that forces end-users to get random passwords.

By prohibiting Secure Service Desk agents from controlling passwords, you create an extra layer of protection by ensuring that the password is only known by the end-user at any given moment (not even the Secure Service Desk agent).

Using auto-generated passwords as a requirement Using auto-generated passwords as a requirement

Reporting

What sort of solution would be complete if it didn’t have comprehensive auditing and reporting capabilities? Secure Service Desk keeps track of every activities and makes it easy to navigate. Inside the reporting tool, you’ll see every occurrence you can think of.

Actions conducted inside Secure Service Desk are connected with activities from other Specops products using Specops Authentication reporting. When examining Secure Service Desk, I went through an excellent example of an identity verification procedure, which you can see here.

You can also handle user enrollments, Secure Service Desk agent password resets, and machine unlocks using the reporting function.

Auditing the Service Desk in a Secure Environment Auditing the Service Desk in a Secure Environment

If you don’t like the grid layout, Secure Service Desk also has a graphical dashboard that shows all user identification actions in one place.

Dashboard for Secure Service Desk Reporting Dashboard for Secure Service Desk Reporting

Conclusion

Secure Service Desk, like other Specops products, performs as expected. It seems to have fixed a major issue with password resets: user authentication. I can see that Specops spent a significant amount of time and effort developing identity services for the product.

Secure Service Desk supports almost every MFA solution you can think of, thus I doubt you’d be able to locate an identity provider that isn’t supported. It’s fantastic when a product comes with so many possibilities right out of the box.

During my testing, I found no significant flaws in the product. User registration was simple, management was simple, and the identity providers I put up performed as intended. My main issue at first was a lack of documentation. It took some trial and error to get things operating, but administration was simple once I became comfortable with the product.

I wouldn’t hesitate to suggest Specops Secure Service Desk to a company in need of a more secure means to confirm customer password resets and machine unlocking.

Specops is a command-line tool that allows users to search and download app packages from the iOS App Store. Specops tools also allow users to perform operations on their apps, such as update them, delete them, etc. Reference: specops tools.

Related Tags

  • specops login
  • specops password policy
  • specops logo
  • spec ops
  • special operations

Table of Content