Privileged Password Management - PowerPoint PPT Presentation

1 / 13
About This Presentation
Title:

Privileged Password Management

Description:

A password manager is software that helps a user organize passwords and PIN codes. ... Reseller Partners are organizations who generate revenue by offering services ... – PowerPoint PPT presentation

Number of Views:307
Avg rating:3.0/5.0
Slides: 14
Provided by: ITA143
Category:

less

Transcript and Presenter's Notes

Title: Privileged Password Management


1
Privileged Password Management
  • For BAWSUG
  • by Lu Labrecque
  • from Cbyer-Ark

2
Disclaimer
  • I may work for Cyber-Ark, but what I say is only
    my opinion or understanding, not Cyber-Arks.
    Please dont hold Cyber-Ark accountable for
    anything that comes out of my mouth.

3
Password Manager
  • http//en.wikipedia.org/wiki/Password_manager
  • A password manager is software that helps a user
    organize passwords and PIN codes. The software
    typically has a local database or files that
    holds the encrypted password data.

4
Wiki
  • http//en.wikipedia.org/wiki/Password
  • Factors in the security of a password system
  • The security of a password-protected system
    depends on several factors. The overall system
    must, of course, be designed for sound security,
    with protection against computer viruses,
    man-in-the-middle attacks and the like. Physical
    security issues are also a concern, from
    deterring shoulder surfing to more sophisticated
    physical threats such as video cameras and
    keyboard sniffers. And, of course, passwords
    should be chosen so that they are hard for an
    attacker to guess and hard for an attacker to
    discover using any (and all) of the available
    automatic attack schemes.

5
Privileged Password Management
  • http//en.wikipedia.org/wiki/Privileged_password_m
    anagement
  • Privileged password management software may be
    deployed by organizations to secure the passwords
    for login IDs that have elevated security
    privileges. This is most often done by
    periodically changing every such password to a
    new, random value. Since users and automated
    software processes need these passwords to
    function, privileged password management systems
    must also store these passwords and provide
    various mechanisms to disclose these passwords in
    a secure and appropriate manner.

6
Security Layers
  • Firewall Code-Data Isolation
  • Vault runs on a dedicated server
  • Firewall, which doesnt let any communication
    into the server or out of it other than its own
    authenticated protocol the Vault protocol
  • VPN
  • VPN encrypts every transmission (i.e.
    transactions and data) over the network. About
    95 of the encryption processes occur on the
    client side
  • Authentication
  • EPV uses a strong two-way authentication
    protocol. Authentication is based on passwords,
    PKI digital certificates, RSA SecurID tokens,
    RADIUS protocol, USB tokens, or Windows
    NT/2000/2003 domain authentication.

7
More Security Layers
  • Access Control
  • Users are totally unaware of passwords or
    information that is not intended for their use.
    Permission include read, write, delete, or
    administer.
  • Password and File Encryption
  • unique symmetric encryption key to every version
    of every password or file stored in it.
  • Visual Security
  • Real-time monitoring

8
Even More Security Layers
  • Manual Security
  • Manual confirmation from one or more Safe
    Supervisors. The Safes can only be opened after
    the request has been confirmed. In this way,
    Users can permit or deny a request for access to
    a Safe by other Users.
  • Geographical Security
  • Users can be permitted to log on only from
    certain areas of the network, or from a specific
    terminal.

9
NAISG Emails
  • NAISG TechTips Priviledged User Accounts'
    (system / database administrator)'s Log
    Monitoring
  • NAISG TechTips Town of Sandwich loses nearly
    50k to hacker using a key logger
  • NAISG TechTips 201 CMR 17.00

10
201 CMR 17.00
  • Standards for The Protection of Personal
    Information of Residents of the Commonwealth.
  • "Personal information," a  Massachusetts
    resident's first name and last name or first
    initial and last name in combination with any one
    or more of the following data elements that
    relate to such resident (a)  Social Security
    number (b)  driver's license number or
    state-issued identification card number or (c) 
    financial account number, or credit or debit card
    number, with or without any required security
    code, access code, personal identification number
    or password .

11
Compliance
  • Publicly-traded enterprises are subject to a
    number of governmental regulations that require a
    high level of due diligence when it comes to IT
    security practices, including
  • Sarbanes-Oxley 404
  • Basel II
  • 21 CFR Part 11
  • PCI
  • Gramm-Leach-Bliley
  • HIPAA

12
NERC-CIP Compliance Table
13
Partnerships
  • Cyber-Ark supports a number of different partner
    types
  • Strategic Partners are companies that develop
    complementary software or hardware solutions and
    are looking to co-sell, re-sell or embed our
    technology
  • Reseller Partners are organizations who generate
    revenue by offering services and third-party
    solution to their client base and may be
    interested in adding our solution to their
    portfolio
Write a Comment
User Comments (0)
About PowerShow.com