UNIX and Linux
Administrator
- I am worried about not being
able to log-in to do my job if Active Directory is not available
- I am concerned that the
integration with AD will be very intrusive to my Unix and Linux systems
- I am concerned that the
privilege management model won't allow me to do things as root when I
require it.
- I am concerned that I won't
be able to leverage scripting and automation
- I'm spending a lot of time to
produce information for security attestation
- I'm concerned that each time
I need to do something I will need to go to the Windows guys for
permission.
- Do I need to go changing file
ownerships (chown) once this is implemented?
|
Active Directory Administrator
- I'm concerned that this
solution will require to extend the AD schema
- I'm concerned that I will
need to run services in Domain Controllers
- I'm concerned that the agent
will eat my DCs CPU and Memory with multiple persistent LDAP
connections
- I'm concerned that now I will
have more work since I have to help the Unix group.
|
Security Analyst
- I need to make sure only the
right people can access the Unix and Linux Systems (least access
principle)
- I also need to make sure that
shared accounts (like root) are only used when required
- I need to make sure
accountability is increased
- I need to make sure people
can only have the privileges that they need (least privilege principle)
- I need to satisfy audit
reports and close open audit comments
- We need to align with Regulations (SOx, HIPAA, PCI, etc)
- I am not sure that we can
really pin-point who did what at a certain point (bad change control,
data-breach, etc)
|
IT Manager or IT Architect
- I am concerned that we're
spending a lot of money in point solutions
- I'm concerned that the
project will not yield results on time
- I'm concerned that processes
like password resets, provisioning, de-provisioning, and attestation are
very complex.
- I'm concerned that any new
solution is going to require a ridiculous amount of infrastructure.
- I'm concerned that even though we have top of the line solutions, it seems it takes a long time to get stuff done.
|
No comments:
Post a Comment