140 likes | 368 Views
Component : Security Manager. User Administration : 사용자 등록 관리 Global Sign-On : 사용자 Log On 관리 Security Manager : 보안 정책 생성 및 적용 관리 Policy Director : 웹 서버 접근 관리 Privacy Manager : 개인 정보 접근 관리 Risk Manager : 침입 위험 관리 PKI : 공개 키를 이용한 인증 관리. Component : Security Manager - 특징.
E N D
Component: Security Manager • User Administration : 사용자 등록 관리 • Global Sign-On : 사용자 Log On 관리 • Security Manager : 보안 정책 생성 및 적용 관리 • Policy Director : 웹 서버 접근 관리 • Privacy Manager : 개인 정보 접근 관리 • Risk Manager : 침입 위험 관리 • PKI : 공개 키를 이용한 인증 관리
Component: Security Manager - 특징 • Comprehensive, integrated access management solution • Multiple platforms with a single security model • Role-based centralized security • Comprehensive Solution • Actively prevent unauthorized access • Security engine for UNIX servers : TACF • Solves the UNIX root-user problem • Architecture consistent with RACF in OS/390
Component: Security Manager - 특징(계속) • Flexible auditing capabilities • Focus on particular groups or resources • Focus on security priorities, enterprise-security policy • Cross-Platform Security Management • Resolves disparate security models • Transparent to mainframe and distributed security model • Consistent enforcement of security policy • Across geographic and platform boundaries
Component: Security Manager - 특징(계속) • Improved productivity • Consistent user interface • Endpoints subscription to Security Profile Configuration • Automated security tasks • Secure delegation of maintenance tasks to junior level • Tivoli Management • TEC and Distributed Monitoring for security alarm • Integrated with User Administration
Component: Security Manager - 특징(계속) • Open Security Management • Extensions in Security Manager and User Administration • Guided by the Security Management Working Group • Axent, Check Point Software, CyberSafe, Cygnus • IBM, Internet Security Systems (ISS), MEMCO • Mergent, Security Dynamics • Trusted Information Systems • Allow you to manage other security tasks • Provides solutions to improve productivity and integration
Files, Resources Access Times Login Restrictions Groups, Roles Password Rules Systems, Apps Tivoli Security Manager Finance/Accounting Sales IS Purchasing Groups Resources Roles Payables Operator/Admin Contractor Line Mgrs Systems Databases Information Applications Networks Corporate Security Policies Component: Security Manager - Architecture
Endpoint Subscribers PDOS UNIX OS/400 RACF NT Netware OS/2 OS/390 Component: Security Manager - Consistent Enforcement • Access • Audit • System Central Security Admin. Lockdown Modules Applications, Other Policy Director
Component: Security Manager - PDOS vs SeOS • 접근 제어 결정 엔진의 성능 향상 • PDOS 엔진 : multi-thread 기반 설계(PD for Operating System) • SeOS : single thread 기반 설계(Security Operating System, Memco) • 접근 제어 결정 시간이 SeOS에 비해 절반 이상으로 절약됨 • 접근 제어 결정을 위해 사용되었던 모든 데이터는 재사용됨 • PD Architecture의 이점 • 계층적 파일 시스템 상에서 ACL 상속 가능 • Branch 개념 : 자동 구성 • 부가적인 새로운 기능 : 감사 기능
Tivoli SecureWay Security Manager Tivoli Gateway Management Tivoli SecureWay Policy Director UNIX Servers UX1 UX2 UX..n Cache Cache Cache PDOS PDOS PDOS Component: Security Manager - PDOS Position
Component: Security Manager - Audit & Report • 감사와 로그 내용 • Security administrator actions • Login attempts • Resource access • 감사 보고서 생성 • By user • By resource or resource type • By date/time range • By system • 정책 보고서 • User to role • User to resource relationships….
Component: Security Manager - 효과 • Single Point with All • 관리 집중화 • 모든 대상 관리 • 단일 Interface • PDOS: UNIX 관리 엔진 • TACF의 핵심 • SeOS Migration 지원 • 탁월한 발전성, 통합성 • 생산성 증대 • 관리 효율성 향상 NetWare Notes/Domino Unix AS/400 OS/2 Sun OS/390 HP NT AIX Security Manager Uniform GUI Administrator
Component: Security Manager - Platform • Tivoli Server • AIX • HP-UX • Sun Solaris • Windows • Tivoli Agent • AIX • HP-UX • Sun Solaris • Windows NT • OS/390 Security Server (RACF) • AS/400 • OS/2 • NetWare NDS