Tuesday, March 25, 2014

Labs: Centrify for Servers Enterprise Edition 2014 - Speedy Evaluation

I've posted this video playlist:



It covers Centrify Enterprise Edition 2014 and provides a full product evaluation experience for security access controls (Authentication, Authorization, Auditing).  Here are the evaluation objectives.

Category 1:  AD Integration and Authentication - Standard Edition

  1. Does not require any schema extensions or software loaded in DCs.
  2. Not all AD users have access to UNIX/Linux systems by default.
  3. Solution uses standards and frameworks (LDAP, Kerberos, PAM, NSS).
  4. Solution does not synchronize identities or passwords.
  5. UNIX-enabled AD users can be controlled from AD (enabling/disabling, logon hours, etc.).
  6. Integrating UNIX/Linux systems can be performed from the GUI or command line.
  7. AD security policy is enforced on UNIX/Linux platforms.
  8. Multiple UNIX identities can be assigned to the same AD user.
  9. UNIX secondary group memberships can be managed from Active Directory as well.
  10. Authentication can be streamlined with SSO mechanisms.
  11. Provisioning/Deprovisioning of UNIX users and groups can be automated.
  12. Filer integration (Samba or NFS) - identity consistency for files and folders
  13. High-availability:  Users should have access if AD is not available.

Category 2:  Access and Privilege Management - Standard Edition

  1. Systems can be grouped using different criteria to enforce access.
  2. Access can be limited based on the groups of systems defined above (role-based access control).
  3. Roles can be defined to control how the user signs into the system and the privileges that can be granted (role-based access privileges).
  4. Provides mechanisms to verify who used their privileges.
  5. Provides the ability to enforce separation of duties (operations vs. governance).
  6. It's intuitive to find out who has access to what system and what they can do.

Category 3:  Advanced Auditing - Enterprise Edition

  1. Provides a detailed view of a user's activities (user, system accessed, duration, client computer, activities).
  2. Provides a contextual view of the actions performed (replay capability).
  3. Provides the ability to search sessions based on queries.
  4. Provides the ability to view when privileges are used across systems.

Environment


