InFocus: Controlling Privileged Accounts

To prove that a company complies with the Sarbanes-Oxley Section 404 mandate, an auditor must attest to management's internal control assessments. Strict access controls have ceased to be mere common sense - too relaxed or poorly enforced information security policies can become a criminal offense!

Other regulations may not be as explicit as Sarbanes-Oxley, or limited to financial data, but they put additional pressure on the IT organization all the same. Auditors must be able to "exclude the possibility for a single individual to subvert a critical process". As a result, controlling privileged access to vital IT systems has become one of the more challenging tasks for IT professionals. On Unix and Linux systems, this is especially difficult since "root" access typically means unrestricted access.

FoxT Solution

FoxT offers what is probably the most complete privileged account management solution available on the market. In a FoxT-managed Unix / Linux data center, there is really no need for anyone to know the root password. Centrally managed access rules can be enforced to make strong two-factor authentication mandatory for access to sensitive accounts. And once a user's identity has been securely established, switching to a privileged account by means of "su" or the sudo-like "suexec" command can be done without any knowledge of the root password.

BoKS Manager

The FoxT security server, BoKS Manager, also automates management of SSH public keys and can even link a user's SSH-based access to the X.509 certificate identifying the user. Suddenly, smart card authentication combined with single sign-on for administrators hopping between Unix hosts becomes a user-friendly yet extremely secure option!

The centralized BoKS Manager audit log provides detailed information about which user is accessing which machine and service at which time. This is particularly important for a "su to root" event: with BoKS Manager you know the real identity of the user. If you require even more detailed surveillance, the access rule granting permission for "su to root" can be enhanced with mandated keystroke logging. Every single keystroke will then be recorded in the BoKS audit log.

For details, see the FoxT white paper "Controlling Privileged Accounts" and read more about BoKS Access Control for Servers, BoKS Access Control for Desktops and BoKS Access Control for Applications.


