Wednesday, November 12, 2008

Active Directory-based solution for UNIX & Linux

Centrify Corporation, a provider of Microsoft Active Directory-based auditing, access control and identity management solutions for non-Microsoft platforms, has announced Centrify DirectAuthorize, a software solution that enables organizations to increase security and compliance by controlling how users access systems and what they can do on those systems.

DirectAuthorize centrally manages and enforces role-based entitlements for fine-grained control of user access and privileges on UNIX and Linux systems. This can eliminate a user's need to use the root account or other privileged accounts, thereby allowing those accounts to be securely locked down.

DirectAuthorize is the industry's first Active Directory-based solution for UNIX and Linux privilege management and delegation of root access. Leveraging a common architecture, DirectAuthorize is seamlessly integrated with Centrify DirectControl and complements DirectControl's comprehensive Active Directory-based authentication, access control and group policy support for non-Microsoft systems and applications.

"Unlike Windows Active Directory, UNIX lacks a simple and scalable model for administrative delegation," observed Ant Allan and Jay Heiser, Research Vice Presidents in the Gartner publication, Controlling UNIX Superuser privileges is Critical. "Organizations that allow root logins to mission-critical UNIX servers run unnecessary risks."

DirectAuthorize meets compliance-driven requirements for "least access" management by allowing organizations to centrally define logical roles (e.g. backup operator, DBA, web developer, application administrator, etc.) that carry with them the specific rights needed to perform duties within a role. DirectAuthorize's role-based architecture enables the following benefits:

  • Simplify the execution of privileged commands: users no longer need to switch to root or other privileged accounts
  • Grant users rights to execute commands with elevated privileges, eliminating the need for access to privileged accounts and passwords
  • Assign users a Restricted Environment with access only to a specific "whitelist" of commands
  • Lock down sensitive systems with fine-grained access controls that specify who can access a system and how
  • Model date- and time-based access windows to match user roles

Like Centrify DirectControl, DirectAuthorize is tightly integrated into Active Directory, meaning no additional servers or infrastructure are required to run DirectAuthorize. DirectAuthorize stores its role and rights data securely in Active Directory Authorization Manager's existing rights-based logical model and data storage schema, found in Windows 2003 and above.

This means no Active Directory schema extensions are required to install and use DirectAuthorize, and customers can leverage the pre-existing Authorization Manager (AzMan) tools and APIs to access DirectAuthorize's roles and rights data. DirectAuthorize is built on top of the DirectControl architecture, meaning the DirectAuthorize user interface is integrated with the DirectControl Administrator's Console and the DirectAuthorize rights enforcers are integrated into the DirectControl Agent. And unlike other solutions, DirectAuthorize requires no UNIX kernel changes or system reboots.

Via: ciol.com
