Delegation
Upcoming SlideShare
Loading in...5
×
 

Delegation

on

  • 1,027 views

 

Statistics

Views

Total Views
1,027
Views on SlideShare
1,004
Embed Views
23

Actions

Likes
0
Downloads
50
Comments
0

3 Embeds 23

http://www.netbr.com.br 20
http://www.linkedin.com 2
http://www.slideshare.net 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • The market is evolving into the Dynamic Data center. Customers today are dealing with challenges with VM tracking, Identification, and controlling VM sprawl, and configuration drift. As the number of VM’s grows it is important to have a way to manage the operational and compliance requirements for these environments.
  • As you probably know, privileged identities are accounts that have elevated permission to access potentially sensitive data, run programs, or change configuration settings. To put it simply, privileged accounts like the keys to the kingdom of IT.And, privileged accounts are found virtually everywhere…On every server and workstation platform…On networking and datacenter appliances like routers and switches, load balancers, security appliances…And on almost every type of software you can name, including line-of-business applications, Web services, databases and middleware.Not only are privileged accounts powerful and widespread, but if not controlled these credentials become accessible to more and more personnel over time…
  • New application rollouts and hardware deployments, changes in corporate structure (say, mergers), outsourcing to independent contractors, and changes in employee roles are examples of ways that access can spread in planned ways.There are also unplanned ways that access can spread. For example, as people leave the company they often take password secrets with them. Or, if passwords aren’t changed frequently enough, lack adequate complexity, or are reused across independent hardware and software assets they become more vulnerable over time.As we’ll discuss next, failure to adequately control privileged account access carries a number of risks…
  • It takes just four, basic steps to regain control of privileged identities. These steps are easy to remember because they’re abbreviated as I.D.E.A….First, it’s essential to identify all of the privileged identities that are present on critical IT assets in your infrastructure, whether on server or desktop operating systems, network appliances, line-of-business applications, and so on. And, you’ve got to understand which of these identities are interdependent, so that when you change the credentials of one account you know to update the dependent accounts to avoid lockouts and service disruptions.Next, you’ll want to delegate access to these accounts so that only appropriate personnel can login to critical IT assets, always in a timely manner whenever needed, over a secure communication channel, using the least privilege required (to reduce the potential for damaging errors), with a documented purpose, only during designated times.It’s also essential to enforce rules for password strength, uniqueness (so that a password isn’t reused except where absolutely necessary) and change frequency, synchronizing all of those changes across dependent processes.Finally, having right auditing and alerting processes makes individuals accountable for privileged access, sets the right organizational tone, and alerts management to any unusual events. Let’s take a closer look at how Enterprise Random Password Manager, the privileged identity management solution from Lieberman Software, makes it possible to accomplish these four steps…
  • Enterprise Random Password Manager is distinguished for its ability to discover privileged accounts throughout your infrastructure……on a wide range of server and desktop operating systems; on databases including SQL Server, Oracle, Sybase, and DB2; on Web services platforms, line-of-business applications, network and security appliances, backup systems, and more.After you install Enterprise Random Password Manager, whenever authorized users need access to these systems they get unique passwords, issued on-demand for one-time use, over a secure Web console…
  • … Access is role-based, time-controlled so that the passwords expire and are changed after a configured period, audited and alert-generating so that there’s full accountability, and there’s full support for industry-standard, two-factor authentication like RSA SecurID.Enterprise Random Password Manager generates each new password…
  • … according to configured rules for complexity, uniqueness (to avoid reuse), and change frequency, and it stores these passwords in a secure vault.All password changes are synchronized…
  • … according to configured rules for complexity, uniqueness (to avoid reuse), and change frequency, and it stores these passwords in a secure vault.All password changes are synchronized…
  • … these are examples of how Enterprise Random Password Manager helps our customers comply with PCI-DSS standards.As you can imagine, Enterprise Random Password Manager provides value to many different job roles within IT. For example, we help executive management…
  • … these are examples of how Enterprise Random Password Manager helps our customers comply with PCI-DSS standards.As you can imagine, Enterprise Random Password Manager provides value to many different job roles within IT. For example, we help executive management…
  • For example, we help executive management…… protect corporate assets by ensuring that only the right personnel have access to sensitive data and can make changes to IT assets that could impact critical business processes…… and, as we’ve discussed, we help assure compliance with critical industry initiatives like Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, and many others…… and, as was the case the financial institution that needed an immediate, decisive response when its domain credentials were exposed online, we help our customers to be more agile in the face of new security threats.For IT directors and other managers……we help improve the efficiency of IT staff so they’re spending less time granting access, changing passwords, and documenting the result….… we provide the reporting features they need to show that IT processes are working to support the company’s security policies…… and, we help these managers to mitigate the risks that privileged accounts otherwise introduce in the organization’s day-to-day business as new systems and applications are brought online, changes are made in the infrastructure, or employees join and leave the company.Finally, for the IT administrator…… our products eliminate so many of the cumbersome, error-prone tasks that they face in administering and documenting account access, allowing them to focus on more strategic work that can further their careers…… the products improve security and accountability so that administrators can react more quickly and avoid the blame for service disruptions and security issues…… and, they make it far easier for administrators to provide their managers the detailed information they need, without impacting day-to-day productivity.With that, let’s move on to a live demonstration of Enterprise Random Password Manager.

Delegation Delegation Presentation Transcript

  • Simplifique com Inteligência
  • SoluçõesComuns
    • Provisionamento de Recursos:
    • UNIX, LINUX, WINDOWS
    • Terminal Server e VDI
    • DelegaçãodaAdministração
    • ElevarPrivilégios
    • IntegrarUnix, Linux, Mac & Java com AD
    • Application SSO com AD
    • Single sign-on via AD
    • Authenticação Forte
    • DelegarAtividades
    • MenosPriviégios
    • Segregação de Função
    • AutorizarQuandoPrecisa
    • Relatório de Conformidade
    • ElevarPrivilégioquandonecessário
    • Unificar o login via Diretório AD
    • Unificaratividades via Diretório AD
  • Provisionamento de Recursos
    Active Role Server - Windows
    FortalecimetnodaPolítica: Normalizandocampos, nomes, conteúdos a serempreenchidos
    ControledaAdministração: Poucaspessoas com acessoadministrativodireto no AD, com melhorgerenciamento de privilégios.
    Automação:Permitecriarregrasparaautomatizarprovisionamento de recursos: Exchange, Mobile, Usuários e outrosrecursos do AD.
    Delegação: Delegartarefasparanão-AdministradoresbaseadosemRegras:
    Active Role Server - Windows e
    Privilege Manager – Linux e Unix
    Privilege Manager: Linux e Unix
  • ProvisionarRecursos
  • Enterprise Single Sign On
    SimplificarControle e Acesso:
    Unix, Linux, and Mac no AD
    Vintela Authentication Services
    Applications no AD-based single sign-on/reduced sign-on environment (SAP, Siebel, Oracle, DB2, others)
    Vintela Authentication Services
    Vintela Single Sign-on for Java
    A2A e A2DB
  • Enterprise Single Sign On
  • SAPM
    ElevarPrivilégio,
    QuandoNecessário
    “… shared account password management tools will be used by more than 50% of large enterprises by year end 2010 to manage passwords for shared accounts.”
    Market Overview: Shared-Account/Software-Account Password Management Tools
    “SAPM tools enable organizations to manage passwords for shared and software accounts more effectively and efficiently than manual processes.”
    Market Overview: Shared-Account/Software-Account Password Management Tools
  • SAPM
  • SAPM
  • Simplificar com Inteligência
    Autorizar
    Regras
    Políticas
    Acesso
    Senhas
  • Porque? Privileged Account Password Management
    “… shared account password management tools will be used by more than 50% of large enterprises by year end 2010 to manage passwords for shared accounts.”
    Market Overview: Shared-Account/Software-Account Password Management Tools
    “In any organization, the use of every platform and device ultimately relies on superuser accounts, which are the most powerful in the organization.“
    Best Practices for Managing Shared Superuser and Firecall Accounts
    “SAPM tools enable organizations to manage passwords for shared and software accounts more effectively and efficiently than manual processes.”
    Market Overview: Shared-Account/Software-Account Password Management Tools
  • Analyst & Media Coverage
    “The Enterprise Random Password Manager from Lieberman Software is an extremely powerful tool which automatically discovers, updates, stores and allows secure recovery of every privileged account password throughout the enterprise.“ SC Magazine Group Test: Password Management - August 2009
  • Contas de PrivilégioElevadoTudonaEmpresa
    Servers & Workstations
    Todososhardwares
    TodososS.O.s
    Banco de Dados
    Datacenter Appliances
    Routers & switches
    Aceleradores
    Securança
    Aplicações
    Line-of-business
    Web services
    Database & middleware
    Backup
    Gerenciamento de Identidade e Acesso
    Gerenciamento de Sistemas
  • Contas de PrivilégioElevadoOndeAplicar ?
    MudançasPlanejadasMudançasnão-Planejadas
    Rollouts de Aplicações
    Hardware Deploy
    Corporate mergers
    Outsourcing
    Guest Accounts
    Mudanças de Funções (Employment)
    Delegação e Overlap de Funções
    MudançaPessoas
    Falhas de defaults
    Falta de Expiração
    Complexidade
    AtaquesSociais
    Ataques de “Nomes”
    Serv1, Serv2, Serv3
  • Contas de PrivilégioElevadoComo Resolver?
    Identificae documentatodososativos de TI, privileged accounts e interdependências.
    Delegaapenasosacessos de privileged accounts de forma temporal (time basis), usandomínimo de privilege, com propósito de documentação.
    Fortaleceregras de tamanho, unicidade e frequência de mudanças, sincronizando as mudanças e dependências.
    Monitorae alerta, além de documentartodososacessos: usuais e não.
  • SoluçãoERPMArquitetura
    Web Application
    IIS 6.0 or greater
    SSL
    Clients
    OleDB
    Secure Data Store
    SQL Server or Oracle 11g
    Security Information and
    Event Management (SIEM)
    BMC Remedy, IBM Tivoli ,
    MS SCOM, …
    SDK, Web Services,
    Middleware
    • Password Check Out
    • Management Reporting
    • User RightsDelegation
    OleDB
    ManagementConsole
    Windows Server
    • Alerting
    • Workflows
    • Ticket Management
    • Setup and Configuration
    • Job Scheduling
    • Advanced Reporting
  • SoluçãoERPMArquitetura
    • Continuous Auto-Discovery Safeguards New and Changed Targets
    • Password Change Synchronization Prevents Lockouts and Service Disruptions
    Applications
    IIS, ASP.NET, SharePoint, scripts, configuration files, …
    Databases
    MS SQL Server, Oracle, MySQL, Sybase ASE, IBM DB2
    SMB, SSH, …
    OleDB
    Directories
    MS Active Directory,
    Oracle Internet Directory and all LDAP-compliant directories
    LDAP
    ManagementConsole
    Windows Computers
    Windows Server 2008, 2003, 2000, NT4, Windows 7, Vista, XP
    SMB
    SSH
    Linux, UNIX, and Mainframe
    Sun Solaris, HP-UX, IBM AIX, Red Hat Linux, IBM AS/400, OS/390, …
    SSH
    Network Devices
    Cisco IOS devices and other routers, switches, firewalls, …
  • IdentificarContinuous Auto-Discovery
    Servers
    Desktops
    Aplicações
    Hdw
    WebServers
    Appliances
    Databases
    Backup
    ERPM
  • DelegarSecure Password Recovery
    Role Based
    Time Based
    Auditoria e Alerta
    DuplaCustótia
    MudançasComitadas & Propagadas
    ERPM
    Console Web
  • FortalecerPolítica de Senhas
    ERPM
    • Segregação (SoD)
    • Fortalecimento
    • High Availability
    • Mudança Contínua
    • Auto Discovery (contínuo)
    • Previne Panes
  • MonitorarPolítica de Senhas & Integração
    ERPM
    • HistóricoDetalhado
    • Configuração de Alertas
    • Integração com SCOM e SIEM
  • “PCI DSS Ready”
  • “LiebSoft PCI DSS Ready”
  • Ajuda a Colaboradores
    Executive Management
    Controle dos Ativos Corporativos
    Requerimentos Regulatórios
    Melhorar a Agilidade, sem correr riscos
    Diretor de TI
    Aumentar Eficiência
    Alinar Processos de TI com Política
    Controle das Mudanças: Planejadas e Não
    Administrador
    Automatiza tarefas tediosas e propensa a erros
    Controle com Discovery Contínuo
    Eliminar a conformidade “incerta”
  • Use Cases & Demo
  • Lieberman & Microsoft Product Development Relationship
    Recognized innovator and leader in Privileged Password Protection and Random Password Management
    “Managed” Gold Certified Partner since 1999
    System Center Strategic Alliance Partner
    Most Microsoft Windows Product Certifications of Any Management Vendor
    Six certified products with nearly 20 Windows 7, Server 2008, Hyper-V, Vista, XP & 2000 certifications
    Industry Focus
    Public Sector
    Financial Services
    Healthcare
  • Lieberman & VendorsJoint Marketing Relationship