Carma slide show_4223
rudolf-rieger
Category: Technology
© 2003/4 Carmasoft
SECURE UNIX & LINUX SOLUTIONS
Secure Servers for profitable Business
Carma Software Incorporated
CARMA – User Access Management
Contents
• Objectives
• Introduction to CARMA security software
• Security positioned in today’s market
• CARMA – Integrated Server Security across UNIX/LINUX platforms
– Product overview
– Customer complaints
– Business value
• CARMA Competitors??
Objectives
Reducing Cost
• IT Infrastructure at your Disposal
• Reduces Internal Resources
• Eliminates Redundancy
• Combined Objectives
– Streamlining applications
– Introducing security
• Bolt on Security for traditional systems
• Applies equally to Small Business as to Enterprise
Focused on:
All UNIX and LINUX Servers
– IBM
– Sun
– HP
– Intel
Challenges due to increasing security demands
Introduction to CARMA Security
Carma addresses business infrastructure by aligning procedures with resources and their environmental relationship, thus providing up-to-date access across the enterprise and an environmental analysis that will facilitate any audit demands.
It also extensively streamlines the productivity of end-user operations and system user functions.
All this without touching the Operating System’s kernel.
Carma Impact
Security Management
• Reduce administrative costs
• Improve business efficiency
• Increase user productivity
• Total boundary control
• Total application allocation
• Total command level control
• Single sign-on
• Audit user working session
• Access across server platforms
Performance & Availability
• Integrate best practices
• Deliver rapid ROI
• Manage service levels
Configuration & Operations
• Reduce costs
• Drive efficiencies
• Improve productivity
Financial
• Cost distribution pattern
• Forecasting
• Asset register
CARMA Information Flow
[Diagram: C A R M A together with the parties System Administration & Integration, Project Management, User, IT Management, Security Unit, IT Operation and Finance Management. Information flows labelled: system performance, productivity survey, capacity planning; costing, forecasting; asset register; job scheduling, optimization; infrastructure, exceptions, access, permission, password.]
WHERE IS CARMA POSITIONED?
[Diagram: portal entries (Application x, Help Desk, Back-Up, Media Control, Communications, System Maintenance, etc.) above levels numbered 7 to 1, with the labels Application, Task / Applet, Kernel, Utility, Command and Script, and the label "Security Belt C A R M A".]
CARMA is an extension of your operating system which integrates and monitors all your hosts, networks, system operations, applications and administration into a coherent, well-tuned computer system, supporting application and hardware/software interaction.
Any level is obtainable at random at any time from any position
Each and every move is noticed, validated and recorded by the CARMA supervisor
CARMA Supervisor
CARMA User Access Management
[Diagram: numbered menu tree (branches 1 to 6, subdivided as 1.1, 1.2, 11.1, 111.1, 112.1 to 112.6, 113.1 to 113.6, 2.1 to 2.x, 3.1 to 3.x, 4.1 to 4.x, 5.1 to 5.x) with the labels USER and Security Belt. Top-level entries: Application, Help-Desk, Back-Up, Media Control, Communication, System Maintenance, Pers. Pages, Command Level, Development, Operations, Others. Example entries: Application x, Accounting, Invoicing, Debtors, Creditors, Transactions, Reporting, Audit Trail, Statements, Age Analysis, Month-End, Invoice, Print Invoice; Client 1 to Client x; System A to System x; D'Base, Program, Applic. x; Hard-Drive, CD, Printing, Tape, Diskette.]
The CARMA deployment is based on the concept of a matrix management structure. The analogy between Project Management and the CARMA approach is no coincidence.
CARMA TURNS LEGACY SYSTEMS INTO 'ON-LINE' APPLICATIONS
WITHOUT C A R M A (None or very little Security)
• System and Application Training (est. 3 months)
• Obtaining Documentation and Processing Instructions
• Processing according to Flowchart instructions and available System and Application Documentation
• Print-Out enquiries and distribution
• Taking Notes and updating Log-Book
[Flowchart: Operating System and Application, with steps A100 Download, A200, M050, Year-End, Report R100, Department, Yes/No branches, page references and a Log Book.]
C A R M A SOLUTION
Application A
1. Download
2. Processing
3. Printing
4. Back-Up
5. etc.
Application-Flow, Scripts, Documentation, Notes, Logging, Command access, Print Destinations, Application- and System-Maintenance are integrated, servicing:
- Security
- Operations
- Finance
- Auditing
- End User
- System Administration
- Management
+ interfacing to graphic applications
Note: Print-outs available to the End-User before printing
Application and System Maintenance
Specialized Operations Team
C A R M A PORTAL
1. Application A
2. Application B
3. Help-Desk
4. Back-Up
5. Media Control
6. Communications
7. System Maintenance
8. etc.
Savings on
- Training
- Storage
- Paperwork
- Administration
- Manpower
Legacy Migration
Security positioned in today’s market
Security Issues of Interest
Source: Morgan Stanley CIO Survey, November 2002
The Operating System Authorization Market … is a large and stable market…
• Customers are demanding stable, sophisticated and streamlined products
• Carmasoft has responded with CARMA as an extension to all UNIX/LINUX Operating Systems
• A cutting edge solution to security issues
• Complete departure from the ‘standard’ security approach
• Business needs driving this market:
– Reduction of operational costs
– Reduction of potential loss of sensitive data
[Chart: market size in $M (axis $0 to $100), 2002 and 2006, 6.5% CAGR. Source: IDC, 3As Market Sizing]
[Diagram: network zones labelled Perimeter Network, Access Network and Core Network, with Internet, Proxy, Firewall, Logging, Auditing, Address Filter, U.P.S., User Group 1 to User Group n, User, Print Queue 1 and 2, Data Warehousing, Web Application 1, Application 2, Legacy 1 and 2, Development, Test, Back-Up, Restore, and other peripheral units (Fax, Plotter, Scanner).]
[Chart: Security Events vs. Investments (%), High Risk & Mission Critical; series labelled INVESTED and EVENTS; values shown: 31%, 45%, 44%, 25%, 55%. Source: IBM]
CARMA How does it work?
Replicating, consolidating and optimizing the 'Existing Server IT Application & Admin Structure'.
Integrating processes including all system related functions.
Integrating total resources available, allocating and profiling user, network environment (server, peripherals, supplier) plus allocating privileges and other variables.
Thus, combining access across servers of numerous applications, enterprise systems, system administration, HR, system environment and peripherals into a coherent and uniform entry portal.
Deactivating CARMA works like an on-off switch (plug-out): the environment goes back to the status quo, running under the same conditions as before CARMA's deployment. This might be useful for system maintenance, application reconfigurations or any emergency situation.
With Carma we create a customized Plug-In by building a Structured Template
[Diagram: the Existing Server IT Application & Admin Structure (unorganized), System Environment & Peripherals and HR on one side, C A R M A in the middle, and the Structured Template (RDBMS) on the other; both sides show hierarchically numbered nodes (11, 12, 13, 14, 111, 112, 121, 122, 141, 142, 1111, 1112, 11121 to 11123).]
CARMA
Integrated Server Security across all UNIX/LINUX platforms
CARMA for Secure Business
CARMA is a UNIX security and administration tool
• A total “firewall” within the firewall for the operating system
• Provides security for business critical applications
• Plugs the #1 threat to enterprise security
• Keeps users within their permitted boundaries
• Enables single sign-on between applications
CARMA is kernel independent and therefore addresses security compliance issues across all types of UNIX and Linux platforms
• UNIX: SCO, Solaris, AIX, HP-UX, plus …
• LINUX: Red Hat, SuSE, Mandrake, plus …
CARMA allows for the integration and monitoring of all servers, networks, system operations, applications and administrative functions as a single, coherent, computer system; producing a mirror image of the IT infrastructure.
CARMA provides each user with a personalized profile that restricts access to specified information and tasks within a computer system, and logs all user actions, entries and exits to provide a bullet-proof audit trail.
CARMA reduces staff training and systems operation costs by integrating disparate systems into a coherent whole.
CARMA can also use different cost bases to allocate computer systems costs to multiple departments and users.
The myriad of access auditing features within CARMA allow for accurate event analysis that produces source data for productivity, performance and capacity surveys.
CARMA generates an audit trail on all steps taken by users in chronological order per user session allowing administrators to reconstruct any sequence of events that took place inside the CARMA portal.
CARMA is also a powerful management tool that increases organizational efficiency by:
• Fine-Tuning the existing procedures and processes
• Streamlining a company’s operations from top to bottom
This in turn improves corporate profitability.
Redundant, duplicate and unnecessary procedures are easily identified with the installation of CARMA into an operating environment. This often has an immediate, noticeable effect on reducing IT costs.
CARMA Addresses Several Customer Complaints
Customer Pains
“Delegation of Root access is ‘necessary evil’”
– UNIX and Linux security is too weak—Root users have unlimited authority and access
– Prevents accountability and traceability
– Results in accidental and deliberate data loss or identity theft
“My UNIX systems always fail security audits”
“Managing one security policy across multiple systems is just too difficult”
– Heterogeneous environments create substantial administrative headaches and hassle
CARMA Value
Access Control and Monitoring (per user session)
• Portal
• Application
• Task
• Script
• Command
Unlimited HotKey Allocation
Direct Application & Task Access
User Monitoring
Client created Notes and Documentation
Access Permissions
Password Options
Time Out Control
Task Checks
Time Surveys
Cost Controls
Charge Allocation
Output Routing
Auditing
For details go to: http://www.carma-soft.com/products.htm
Customer Demands
CARMA Overview
Who Needs CARMA?
Customers running business critical applications
– Enterprise Resource Planning (ERP)
– Customer Relationship Management (CRM)
– Supply Chain Management (SCM)
Some industries are especially security sensitive
– Financial Services
– Telecommunications
– Health Care
– Government
Customers may have extensive partner networks or e-business applications
– CARMA is a critical method of reducing identity theft
Existing CA eTrust Access Control customers
– Oftentimes are interested in a sleeker, more powerful solution
Identifying Customers Pain Questions
• How many UNIX boxes do you have?
• How many different types of UNIX?
• How do you manage security across all those boxes?
• How many people officially have the ‘Root’ password?
• How many people have it that you don’t know about?
• What about single sign-on?
• Can users delete files or audit logs?
• How do you audit ‘root’ access?
• How do you profile end-users?
• What privileges do you allocate to end-users?
Customer Scenario
Result
Phase I: IT Infrastructure analysis
• Process analysis per application
• Command level entry analysis
• User profiling according to position and responsibilities within their IT environment
• Relationships between server, workstation, application, user & tasks
• User application access
• User hot-keys (identification of the most common tasks)
• Departmental x-references, by user and task (costing interface)
• Current user access not conforming to new profile
Phase II: Switch to CARMA ‘online’
• 170 UNIX servers secured
• Customer verified that control, audit and scalability requirements had been met
Phase III: Permanent Surveillance
• Audit of password history and user self-care
• Session monitoring per user, action, date and time from start to end
Need
• Audit and control all access (including root access) by individual, time, function and resource
• Scalable solution to be able to secure over 200 UNIX servers
• Allow Root access even if network connectivity is down
• Push out policy changes to hundreds of servers from a central console
CARMA SOLUTION
Ask yourself the following Questions
What business value do we place on our UNIX servers & contents?
Do we want to know all about our applications, where they are, who maintains them, who accesses each individual task and who manipulates the contents of our servers?
Do we have high turnover of employees accessing UNIX systems?
Are we sensitive to internal security threats? Would we like auditability, including for the root user?
Do we want standard access controls across UNIX systems?
Who is sponsoring this at an executive level?
CARMA Competitors?
Competitive Comparison
IBM Tivoli Access Manager for Operating Systems (AMOS)
– Main focus on ‘root’ level entry
– Restricted to certain brands of OS and LDAP dependent
– Kernel dependent
HP Virtual Vault, Trusted Solaris and Argus Pitbull
– Positioned as super secure server products
– Tend to focus on niche segments
– More complex to implement: significant level of kernel modification
– Impacts standard applications
CA eTrust Access Control relies on single threaded design
– Performance impact to the OS stated as averaging 5-10% (extreme kernel dependent)
– Prevents auditing
– Decentralized policy management increases administrative overhead
– Marketing collateral cites Windows “coverage”
– We’ve never seen a Windows implementation (IBM statement)
Where to find CARMA’s strategies
http://www.carma-soft.com