Improve Your Compliance across UNIX and Linux Environments

This session describes how to achieve compliance on your Linux and UNIX servers with Novell Privileged User Manager. Enterprises that want to comply with Sarbanes-Oxley data confidentiality, integrity and auditability requirements for privileged user activity will find out how easily it can be done with Novell Privileged User Manager. The session will feature an instructor-led demo highlighting the various aspects of Novell Privileged User Manager. It will also describe how to achieve compliance on Linux and UNIX servers. If you have ever had issues with audits or reporting on Linux root user accounts, then this is the session for you. Find out how easy it can be and how all of this fits in the Identity and Security space at Novell.

  1. Improve Your Compliance Across UNIX and Linux Environments. Baber Amin, Business Line Manager, Novell, Inc. / baber@novell.com; Richard Boulton, NPUM Lead, Novell, Inc. / rboulton@novell.com
  2. Agenda • Privileged Identities • Privileged Identities and Compliance • Novell® Privileged User Manager • Demo. © Novell, Inc. All rights reserved.
  3. Privileged Identities • Least Privilege Concept • Dangers from Privileged Identities
  6. Privileged Accounts
  7. Privileged Accounts • Access to Information
  8. Privileged Accounts • Access to Information • Bypass Controls
  9. Privileged Accounts • Access to Information • Bypass Controls • Hacker Target
  10. Privileged Accounts • Access to Information • Bypass Controls • Hacker Target • Insider Threats
  11. Privileged Identities and Regulatory Compliance
  12. Privileged Identities and Regulatory Compliance • Sarbanes-Oxley
  13. Privileged Identities and Regulatory Compliance • Sarbanes-Oxley • PCI
  14. Privileged Identities and Regulatory Compliance • Sarbanes-Oxley • PCI • HIPAA
  15. Privileged Identities and Regulatory Compliance • Sarbanes-Oxley • PCI • HIPAA • GLBA
  16. Privileged Identities and Regulatory Compliance • Sarbanes-Oxley • PCI • HIPAA • GLBA • ISO 27001
  17. What does Novell® offer?
  19. Who can Initiate an Action?
  20. Who can Initiate an Action? • What Actions can They Initiate?
  21. Who can Initiate an Action? • What Actions can They Initiate? • Audit ALL Activity
  22. Centralized Management
  23. Compliance Workflow
  24. 3 Step UNIX/Linux Compliance Solution. Step 1: • 100% privileged user keystroke recording • Automated grading of activity risk level
  25. 3 Step UNIX/Linux Compliance Solution. Step 1: • 100% privileged user keystroke recording • Automated grading of activity risk level. Step 2: • Super user privilege management • Real-time control and alerting
  26. 3 Step UNIX/Linux Compliance Solution. Step 1: • 100% privileged user keystroke recording • Automated grading of activity risk level. Step 2: • Super user privilege management • Real-time control and alerting. Step 3: • Proactive compliance management • Auditing the auditor
  27. DEMO
  28. Scenario 1: Basic Setup. [Diagram: Help Desk, Linux / Unix Server, PUM Agent, PUM Framework, Auditor.] Privileged User Manager’s components:
      1. Help Desk accesses the POS devices (directly, e.g. SSH)
      2. PUM authenticates to PUM
      3. Commands via keystroke are recorded and audited
      4. PUM Admin authorizes events and reviews risks
  29. Scenario 2: Large Environments. [Diagram: Help Desk, PUM Jump-Off, PUM Agent, PUM Framework, PUM Admin.] Privileged User Manager’s components:
      1. Help Desk accesses the PUM Jump-Off box pool
      2. Jump-Off authenticates to PUM
      3. PUM Jump-Off box creates PUM session on target
      4. Commands and keystroke are recorded and audited
      5. PUM Admin authorizes events and reviews risks
  30. Scenario 3: PUM and PoS. [Diagram: Help Desk, PUM Jump-Off, PUM SSH-Proxy, SSH (trusted cert), POS Devices*, PUM Framework, PUM Admin. * Note: zero impact, no software agent installed.] Privileged User Manager’s components:
      1. Help Desk accesses the PUM Jump-Off box pool
      2. Jump-Off authenticates to PUM
      3. SSH-Proxy communicates to POS devices (trusted SSH session)
      4. Commands via keystroke are recorded and audited
      5. PUM Admin authorizes events and reviews risks
  31. Novell® Privileged User Manager: SSH Access via ‘Jump Box’ • Provide the accountable access via SSH • Secure and manage all outbound access to corporate POS machines through ‘Jump-Off’ proxies • Reduced cost to associate every POS endpoint • Avoided impact to all POS endpoints • Audit all access to POS endpoints through Command Control which feeds into Compliance Auditor
  32. In Closing
  33. You Need Privileged User Management • Critical Apps on Linux / UNIX
  34. You Need Privileged User Management • Critical Apps on Linux / UNIX • Linux / Unix Server
  35. You Need Privileged User Management • Critical Apps on Linux / UNIX • Linux / Unix Server • Verify and Audit actions
  36. You Need Privileged User Management • Critical Apps on Linux / UNIX • Linux / Unix Server • Verify and Audit actions • Admin credential proliferation
  37. Novell® Privileged User Manager • Control user access to root accounts • Audit all user activity with 100% keystroke logging • Analyze potential threats based on policy-based risk ratings • Simplify audit reporting with the most relevant, context-based information • Support compliance with internal policies and external regulations
  38. Customers Include:
  39. Unpublished Work of Novell, Inc. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability. General Disclaimer: This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.