Download presentation
Presentation is loading. Please wait.
Published byElise Longacre Modified over 9 years ago
1
Predavač: Aram Kanjić
2
Računi sa širokim ovlastima nad kritičnim sustavima organizacije. Daju pristup: Operativnim sustavima LDAP/AD servisi Bazama podataka Aplikacijama VM Backup SAN/NAS ... Koliko ih ima? Procjena: na 4 admina sa 100 servisa = 400 Tko ima pristup?
3
Prijetnje “Cyber Crime costs can range from $1M to $52M per year per company” Ponemon Institute, First Annual Cost of Cyber Crime Study, July 2010 “Cyber Crime costs can range from $1M to $52M per year per company” Ponemon Institute, First Annual Cost of Cyber Crime Study, July 2010 3 Insiders >Insiders have 2 things hackers don’t: access and trust >Malicious insider attacks can take up to 42 days or more to resolve ( Ponemon Institute, July 2010) Regulativa > Compliance and audit questions are going deeper and wider > On average, non-compliance cost is 2.65 times the cost of compliance (Ponemon Insititute, The True Cost of Compliance, Jan 2011) Cloud Computing > CIO Survey: Security is the single biggest barrier to cloud computing adoption > Migrating to the cloud means losing control over the human factor Vanske prijetnje > Better planned, sophisticated and targeted attacks > Targeting the most valuable assets > Go after the most powerful privileged system accounts
4
ŠTO ŠTITIMO?KAKO? Povjerljivost Integritet Raspoloživost Sastav Distribucija i prijenos Pohrana Istek Promjena Nadzor
5
Discover all privileged accounts across datacenter Manage and secure every credential Enforce policies for usage Record and monitor privileged activities React and comply
6
Rješenja: Dijeljeni računi Svatko svugdje Specijalizirano rješenje
7
'=============================================== 'Rand - Return a random number in a given range. 'Create "random" password '=============================================== Randomize 'init random number seed High = 9999 ' high number value Low = 2 'low number value Rand = Int((High - Low + 1) * Rnd) + Low strpassword = "Secret" & Rand '=============================================== 'Change password '=============================================== strUser = fullusername 'Enter full name of username strOU = userou 'Enter OU where user's account resides here Set objUser = GetObject("LDAP://CN=" & strUser & ",OU=" & strOU & ",DC=testdomain,DC=local") objUser.SetPassword strpassword '=============================================== 'SEND EMAIL '=============================================== Set objEmail = CreateObject("CDO.Message") objEmail.From = "itsupport-newpassword@yourdomain.com" objEmail.To = "Teacher@yourdomain.com" objEmail.Subject = "PASSWORD CHANGED" objEmail.Textbody = "The password for jsmith has been changed to " & strpassword objEmail.Configuration.Fields.Item _ ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 objEmail.Configuration.Fields.Item _ ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = _ "nycexch02" objEmail.Configuration.Fields.Item _ ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25 objEmail.Configuration.Fields.Update objEmail.Sendhttp://schemas.microsoft.com/cdo/configuration/sendusinghttp://schemas.microsoft.com/cdo/configuration/smtpserverhttp://schemas.microsoft.com/cdo/configuration/smtpserverport
8
PsPasswd PsPasswd \\computer -u username -p password Username Newpassword \\* @file net user user_name * /domain \\ username dsquery user -samid DoeJ | dsmod user -pwd Pa$$word1!
9
Unified Workflows for Accessing Privileged Accounts 9 External Vendors Unix Admins Business Applications Auditor/ Security & Risk Privileged Identity Management Suite Networ k Devices Virtual Servers Windows Window s Servers Unix Linux Unix /Linux Servers AS400 iSeries Mainframes Databases Applications Security Appliances OS390 zSeries Mainframes AIM Workflow Windows Admins DBAs VM Admins SSH / X / Telnet OPM Workflow AIM Workflow EPV Workflow Monitoring & Reporting Workflow
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.