Wallix AdminBastion v2.2
Secure accesses and trace actions performed by IT service providers and administrators
New needs and challenges
Administrators' passwords
• Administrators must learn passwords, commit them to memory and change them regularly
• Post-it notes are multiplying around screens
• Nobody knows where all the passwords are stored; sometimes they stay in the head of the administrator!
IT teams turnover
• One of my administrators is leaving the company. Where are his passwords?
• I need to gather information on his accesses, deactivate them and change them on all equipment
• I need to communicate the changes internally
• How do I make sure that he won’t be able to access the company’s IS anymore?
Employees who steal or divulge company’s data do it when they leave the company to work at a competitor (70 %) or when they create their own business (23 %)
Accidents happen
• Customers’ database is down following a maintenance operation
• No way to find who is responsible for sure
• It’s difficult to find the cause
ORIGIN AND TRACEABILITY OF ACTIONS
• Where does the error come from?
• Can I replay what happened?
• How do I find the origin of the incident?
External Service Providers
• I don’t know what my service providers are doing
• There are many connections to critical servers and devices: I don’t know who’s logged in, when or how they do it!
• I must manage their access and monitor them when they’re working on my IS
• I need to be able to change providers if necessary
PROVIDER MANAGEMENT
• How can I be sure that their accesses are monitored?
• How do I trace the origin of the incident?
• Who’s responsible?
Concepts
[Diagram labels: Unix / Linux Server, Windows Server, Network Equipment, Application, Administrators, Developers, Security Officers, External Providers, Traceability, Access control, Centralised Authentication]
What can the WAB do for you?
• Access control for internal users and external providers
• Trace connections to sensitive equipment
• Easy access management for logins and passwords
• Strong authentication for system administrators (through external solutions)
• Alert messages (e.g. e-mails) when there’s a connection to a critical server
Supported protocols
[Diagram labels: TARGET EQUIPMENT, USER, RDP, VNC, RDP, Https, SSHv2, SFTP, Http/Https, SSHv2, SFTP, Telnet, rlogin]
Authorisation of SSH features
• Shell Session
• Remote command
• SCP (upload & download)
• X11 Forwarding
Session Recording
RDP SESSIONS (WINDOWS)
• Sessions are saved and stored in flash format (they can be played on the user’s computer)
• You can replay RDP sessions with the integrated Player
• Weight: 1,5 Mb / minute (average)
SSH/TELNET SESSIONS
• Command lines entered by the user are stored as well as the equipment’s response
• Information is available in a text file or in a video file
SSH Flow Scanning
In the example above, the expression ‘passwd’ can be found on the « forbidden commands » list. The detection of the expression ‘passwd’ triggers an alert and/or the termination of the connection.
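An illustration of the forbidden-string detection described on this slide, added here as an example; it is not Wallix code, and the rule table, class and function names are assumptions. It also covers a forbidden string that arrives split across two network reads.

```python
from dataclasses import dataclass, field

# Assumed policy for this sketch: forbidden string -> action on detection.
FORBIDDEN = {"passwd": "terminate", "shutdown": "alert"}


@dataclass
class SessionScanner:
    """Scans the user-to-target byte stream of one proxied SSH session."""
    rules: dict
    tail: str = ""                      # carry-over from the previous chunk
    events: list = field(default_factory=list)
    terminated: bool = False

    def feed(self, chunk: bytes) -> bool:
        """Return True if the chunk may be forwarded, False if the session is cut."""
        if self.terminated:
            return False
        text = self.tail + chunk.decode("utf-8", errors="replace")
        base = len(self.tail)
        for pattern, action in self.rules.items():
            start = 0
            while (idx := text.find(pattern, start)) != -1:
                # Matches lying wholly inside the old tail were reported already.
                if idx + len(pattern) > base:
                    self.events.append((pattern, action))
                    if action == "terminate":
                        self.terminated = True
                start = idx + 1
        # Keep enough trailing text to catch a pattern split across chunks.
        keep = max(len(p) for p in self.rules) - 1
        self.tail = text[-keep:] if keep else ""
        return not self.terminated


def replay(chunks):
    """Run constructed chunks through a scanner; return what was forwarded and logged."""
    scanner = SessionScanner(FORBIDDEN)
    forwarded = [c for c in chunks if scanner.feed(c)]
    return forwarded, scanner.events, scanner.terminated


# Constructed sample input: 'passwd' is split across the second and third reads.
SAMPLE = [b"ls -la\n", b"sudo pas", b"swd root\n", b"id\n"]
```
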
Internal Architecture
OPTION 1: The WAB appliance hosts the users’ database, ACLs and the equipment database
OPTION 2: The WAB appliance connects to an external directory* to authenticate the users
* LDAP, Active Directory, Radius
Strong Authentication
Technologies
• RSA SecurID
• Radius
• ActivCard
• Others
New! X509v3 certificates are now supported
Case study VPN
[Diagram labels: Client-server Application, Web Interface, RDP Client, virtualized Windows XP/7 or Windows TSE, Administration client]
WAB – Easy Deployment
No need to install an agent on any of the equipment
• Time saved during the deployment period
• Easy integration in the existing infrastructure
• Lower TCO
No extensive training is needed for the users
• No change in work methods
• A user can keep working with his usual tools (TSE/RDP client, Putty, WinSCP, command line …)
Appliance or Software
Appliances
• 6 available models: from WAB 25 to WAB 600
Virtual machines
• VMware ESX 4 virtual appliance
Easy to use
Web interface (https) available in English and in French
• IE7+ and Firefox 2+ compliant
Command Line Interface
• You can use the WAB with external scripts or third party applications
• You can define profiles with specific rights (e.g. auditor)
• It’s possible to define the type of actions that can be performed by a particular WAB user/administrator
Reporting and Alerts
REPORTING ON CONNECTIONS
You can export data in CSV format for later use
Define real-time alerts (mail & logs):
• Forbidden character string detection (SSH)
• Failure to authenticate
• Failure to connect to a target account
• …
Daily connection report sent by e-mail
Raise the security level
• Record and Replay Sessions
• Centralize and simplify authorizations and password management
• Strengthen Access Control Policy
[Diagram labels: SECURITY LEVEL, COMPLEXITY, SECURITY LEVEL MANAGEMENT, SECURITY NEEDS, PREVENTION, OPTIMIZATION, VERIFICATION]
Questions
Contact us
ITSS
109, rue du Pont du Centenaire
CH – 1228 Plan-les-Ouates
Switzerland
Tel: + 41 22 706 20 80
www.itssglobal.com