Carma slide show_4223

© 2003/4 Carmasoft SECURE UNIX & LINUX SOLUTIONS Secure Servers for profitable Business

Transcript of Carma slide show_4223

Page 1: Carma slide show_4223

© 2003/4 Carmasoft

SECURE UNIX & LINUX SOLUTIONS

Secure Servers for profitable Business

Page 2: Carma slide show_4223

Carma Software Incorporated

CARMA – User Access Management

Contents

• Objectives

• Introduction to CARMA security software

• Security positioned in today’s market

• CARMA – Integrated Server Security across UNIX/LINUX platforms

– Product overview

– Customer complaints

– Business value

• CARMA Competitors??

Page 3: Carma slide show_4223

Objectives

Page 4: Carma slide show_4223

Reducing Cost

• IT Infrastructure at your Disposal

• Reduces Internal Resources

• Eliminates Redundancy

• Combined Objectives

– Streamlining applications

– Introducing security

• Bolt on Security for traditional systems

• Applies equally to Small Business as to Enterprise

Page 5: Carma slide show_4223

Focused on:

All UNIX and LINUX Servers

– IBM

– Sun

– HP

– Intel

Challenges due to increasing security demands

Page 6: Carma slide show_4223

Introduction to CARMA Security

Page 7: Carma slide show_4223

Introduction to CARMA Security

Carma addresses business infrastructure by aligning procedures with resources and their environmental relationship, thus providing an up-to-date access across the enterprise and an environmental analysis that will facilitate any audit demands.

Not to mention extensive productivity streamlining of end user operation and system user functions.

All this without touching the Operating System’s kernel.

Page 8: Carma slide show_4223

Carma Impact

Security Management

• Reduce administrative costs

• Improve business efficiency

• Increase user productivity

• Total boundary control

• Total application allocation

• Total command level control

• Single sign-on

• Audit user working session

• Access across server platforms

Performance & Availability

• Integrate best practices

• Deliver rapid ROI

• Manage service levels

Configuration & Operations

• Reduce costs

• Drive efficiencies

• Improve productivity

Financial

• Cost distribution pattern

• Forecasting

• Asset register

Page 9: Carma slide show_4223

CARMA Information Flow

[Diagram labels: C A R M A; System Administration & Integration; Project Management; User; IT Management; Security Unit; IT Operation; Finance Management. Information flows named: system performance, productivity survey, capacity planning; costing, forecasting; asset register; job scheduling, optimization; infrastructure, exceptions, access, permission, password.]

Page 10: Carma slide show_4223

WHERE IS CARMA POSITIONED ?

[Diagram labels: Security Belt C A R M A; CARMA Supervisor; portal entries Application x, Help Desk, Back-Up, Media Control, Communications, System Maintenance, etc.; levels numbered 7 to 1, labelled Application, Task / Applet, Kernel, Utility, Command, Script.]

CARMA is an extension of your operating system which integrates and monitors all your hosts, networks, system operations, applications and administration to a coherent, well tuned computer system, supporting application and hardware : software interaction.

Any level is obtainable at random at any time from any position

Each and every move is noticed, validated and recorded by the CARMA supervisor

Page 11: Carma slide show_4223

CARMA User Access Management

[Diagram labels: USER; Security Belt; top-level entries numbered 1 to 6: Application, Help-Desk, Back-Up, Media Control, Communication, System Maintenance; further entries: Pers. Pages, Command Level, Development, Operations, Others. Hierarchically numbered sub-entries (1.1, 1.2, 2.1 to 2.x, 3.1 to 3.x, 4.1 to 4.x, 5.1 to 5.x, 11.1 to 11.x, 111.1 to 111.x, 112.1 to 112.6, 113.1 to 113.6) include Application x, Accounting, Invoicing, Debtors, Creditors, Transactions, Reporting, Audit Trail, Statements, Age Analysis, Month-End, Invoice, Print Invoice, Client 1 to Client x, System A, System B, System C, System x, D'Base, Program, Applic. x, Hard-Drive, CD, Printing, Tape, Diskette, System, Others.]

The CARMA deployment is based on the concept of a matrix management structure. The analogy between Project Management and the CARMA approach is no coincidence.

Page 12: Carma slide show_4223

CARMA TURNS LEGACY SYSTEMS INTO 'ON-LINE' APPLICATIONS

Legacy Migration

WITHOUT C A R M A (None or very little Security)

• System and Application Training (est. 3 months)

• Obtaining Documentation and Processing Instructions

• Processing according to Flowchart instructions and available System and Application Documentation

• Print-Out enquiries and distribution

• Taking Notes and updating Log-Book

[Diagram labels: Operating System, Application, Log Book, and a sample flowchart page with Download, Year-End, Report and Department symbols.]

C A R M A SOLUTION

Application A

1. Download

2. Processing

3. Printing

4. Back-Up

5. etc.

Application-Flow, Scripts, Documentation, Notes, Logging, Command access, Print Destinations, Application- and System-Maintenance are integrated, servicing:

- Security

- Operations

- Finance

- Auditing

- End User

- System Administration

- Management

+ interfacing to graphic applications

Note: Print-outs available to the End-User before printing

Application and System Maintenance

Specialized Operations Team

C A R M A PORTAL

1. Application A

2. Application B

3. Help-Desk

4. Back-Up

5. Media Control

6. Communications

7. System Maintenance

8. etc.

Savings on

- Training

- Storage

- Paperwork

- Administration

- Manpower

Page 13: Carma slide show_4223

Security positioned in today’s market

Page 14: Carma slide show_4223

Security Issues of Interest

Source: Morgan Stanley CIO Survey, November 2002

Page 15: Carma slide show_4223

The Operating System Authorization Market … is a large and stable market…

Customers are demanding stable, sophisticated and streamlined products

Carmasoft has responded with CARMA as an extension to all UNIX/LINUX Operating Systems

A cutting edge solution to security issues

Complete departure from the ‘standard’ security approach

Business needs driving this market:

– Reduction of operational costs

– Reduction of potential loss of sensitive data

[Chart: market size in $M (axis $0 to $100), 2002 and 2006, 6.5% CAGR. Source: IDC, 3As Market Sizing]

Page 16: Carma slide show_4223

[Diagram labels: Internet; Perimeter Network; Access Network; Core Network; Proxy, Firewall, Logging, Auditing, Address Filter; User, User Group 1 to User Group n; Print Queue 1, Print Queue 2; Data Warehousing; Web Application 1, Application 2; Legacy 1, Legacy 2; Development; Test; Back-Up, Restore; Fax, Plotter, Scanner, Other Peripheral Units; U.P.S.]

[Chart: Security Events vs. Investments (%). Series: Invested, Events. Category label: High Risk & Mission Critical. Percentages shown: 31%, 45%, 44%, 25%, 55%. Source: IBM]

Page 17: Carma slide show_4223

CARMA How does it work?

Replicating, consolidating and optimizing the 'Existing Server IT Application & Admin Structure'.

Integrating processes including all system related functions.

Integrating total resources available, allocating and profiling user, network environment (server, peripherals, supplier) plus allocating privileges and other variables.

Thus, combining access across servers of numerous applications, enterprise systems, system administration, HR, system environment and peripherals to a coherent and uniform entry portal.

Deactivation of CARMA functions like an on-off switch (plug-out): the environment goes back to the status quo, running under the same conditions as before CARMA's deployment. This might be useful in case of system maintenance, application re-configurations or any emergency situation.

With Carma we create a customized Plug-In by building a Structured Template

[Diagram labels: Existing Server IT Application & Admin Structure (unorganized); HR; System Environment & Peripherals; C A R M A; Structured Template (RDBMS). Both structures show the same hierarchically numbered nodes: 11, 12, 13, 14, 111, 112, 121, 122, 141, 142, 1111, 1112, 11121, 11122, 11123.]

Page 18: Carma slide show_4223

CARMA

Integrated Server Security across all UNIX/LINUX platforms

Page 19: Carma slide show_4223

CARMA for Secure Business

CARMA is a UNIX security and administration tool

• A total “firewall” within the firewall for the operating system

• Provides security for business critical applications

• Plugs the #1 threat to enterprise security

• Keeps users within their permitted boundaries

• Enables single sign-on between applications

CARMA is kernel independent and therefore addresses security compliance issues across all types of UNIX and Linux platforms

• UNIX: SCO, Solaris, AIX, HP-UX, plus …...

• LINUX: Red Hat, SuSE, Mandrake, plus …...

Page 20: Carma slide show_4223

CARMA for Secure Business

CARMA allows for the integration and monitoring of all servers, networks, system operations, applications and administrative functions as a single, coherent, computer system; producing a mirror image of the IT infrastructure.

Page 21: Carma slide show_4223

CARMA for Secure Business

CARMA provides each user with a personalized profile that restricts access to specified information and tasks within a computer system, and logs all user actions, entries and exits to provide a bullet-proof audit trail.

Page 22: Carma slide show_4223

CARMA for Secure Business

CARMA reduces staff training and systems operation costs by integrating disparate systems into a coherent whole.

CARMA can also use different cost bases to allocate computer systems costs to multiple departments and users.

The myriad of access auditing features within CARMA allow for accurate event analysis that produces source data for productivity, performance and capacity surveys.

Page 23: Carma slide show_4223

CARMA for Secure Business

CARMA generates an audit trail on all steps taken by users in chronological order per user session allowing administrators to reconstruct any sequence of events that took place inside the CARMA portal.

Page 24: Carma slide show_4223

CARMA for Secure Business

CARMA is also a powerful management tool that increases organizational efficiency by:

• Fine-Tuning the existing procedures and processes

• Streamlining a company’s operations from top to bottom

This in turn improves corporate profitability.

Page 25: Carma slide show_4223

CARMA for Secure Business

Redundant, duplicate and unnecessary procedures are easily identified with the installation of CARMA into an operating environment. This often has an immediate, noticeable effect on reducing IT costs.

Page 26: Carma slide show_4223

CARMA Addresses Several Customer Complaints

Customer Pains

“Delegation of Root access is ‘necessary evil’”

– UNIX and Linux security is too weak—Root users have unlimited authority and access

– Prevents accountability and traceability

– Results in accidental and deliberate data loss or identity theft

“My UNIX systems always fail security audits”

“Managing one security policy across multiple systems is just too difficult”

– Heterogeneous environments create substantial administrative headaches and hassle

CARMA Value

Access Control and Monitoring (per user session)

• Portal

• Application

• Task

• Script

• Command

Unlimited HotKey Allocation

Direct Application & Task Access

User Monitoring

Client created Notes and Documentation

Access Permissions

Password Options

Time Out Control

Task Checks

Time Surveys

Cost Controls

Charge Allocation

Output Routing

Auditing

For details go to: http://www.carma-soft.com/products.htm

Customer Demands

CARMA Overview

Page 27: Carma slide show_4223

Who Needs CARMA?

Customers running business critical applications

– Enterprise Resource Planning (ERP)

– Customer Relationship Management (CRM)

– Supply Chain Management (SCM)

Some industries are especially security sensitive

– Financial Services

– Telecommunications

– Health Care

– Government

Customers may have extensive partner networks or e-business applications

– CARMA is a critical method of reducing identity theft

Existing CA eTrust Access Control customers

– Oftentimes are interested in a sleeker, more powerful solution

Identifying Customers Pain Questions

How many UNIX boxes do you have?

• How many different types of UNIX?

How do you manage security across all those boxes?

How many people officially have the ‘Root’ password?

• How many people have it that you don’t know about?

• What about single sign-on?

Can users delete files or audit logs?

• How do you audit ‘root’ access?

• How do you profile end-users?

• What privileges do you allocate to end-users?

Page 28: Carma slide show_4223

Customer Scenario

Result

Phase I IT Infrastructure analysis

• Process analysis per application

• Command level entry analysis

• User profiling (according to position and responsibilities within their IT environment)

• Relationships between server, workstation, application, user & tasks

• User application access

• User hot-keys (identification of the most common tasks)

• Departmental x-references, by user and task (costing interface)

• Current user access not conforming to new profile

Phase II Switch to CARMA ‘online’

• 170 UNIX servers secured

• Customer verified that control, audit and scalability requirements had been met

Phase III Permanent Surveillance

• Audit of password history and user self-care

• Session monitoring per user, action, date and time from start to end

Need

• Audit and control all access (including root access) by individual, time, function and resource

• Scalable solution to be able to secure over 200 UNIX servers

• Allow Root access even if network connectivity is down

• Push out policy changes to hundreds of servers from a central console

CARMA SOLUTION

Page 29: Carma slide show_4223

Ask yourself the following Questions

What business value do we place on our UNIX servers & contents?

Do we want to know all about our applications, where they are, who maintains them, who accesses each individual task and who manipulates the contents of our servers?

Do we have high turnover of employees accessing UNIX systems?

Are we sensitive to internal security threats? Would we like auditability including root user?

Do we want standard access controls across UNIX systems?

Who is sponsoring this at an executive level?

Page 30: Carma slide show_4223

CARMA Competitors?

Page 31: Carma slide show_4223

Competitive Comparison

IBM Tivoli Access Manager for Operating Systems (AMOS)

– Main focus on ‘root’ level entry

– Restricted to certain brands of OS and LDAP dependent

– Kernel dependent

HP Virtual Vault, Trusted Solaris and Argus Pitbull

– Positioned as super secure server products

– Tend to focus on niche segments

– More complex to implement – significant level of kernel modification

– Impacts standard applications

CA eTrust Access Control relies on single threaded design

– Performance impact to the OS stated as averaging 5-10% (extreme kernel dependent)

– Prevents auditing

– Decentralized policy management increases administrative overhead

– Marketing collateral cites Windows “coverage”

– We’ve never seen a Windows implementation (IBM statement)

Page 32: Carma slide show_4223

Where to find CARMA’s strategies

http://www.carma-soft.com

Page 33: Carma slide show_4223

© 2003/4 Carmasoft

SECURE UNIX & LINUX SOLUTIONS