Presentation is loading. Please wait.

Presentation is loading. Please wait.

Predavač: Aram Kanjić. Računi sa širokim ovlastima nad kritičnim sustavima organizacije.  Daju pristup:  Operativnim sustavima  LDAP/AD servisi  Bazama.

Published byElise Longacre Modified over 9 years ago

Similar presentations

Presentation on theme: "Predavač: Aram Kanjić. Računi sa širokim ovlastima nad kritičnim sustavima organizacije.  Daju pristup:  Operativnim sustavima  LDAP/AD servisi  Bazama."— Presentation transcript:

1 Predavač: Aram Kanjić

2 Računi sa širokim ovlastima nad kritičnim sustavima organizacije.  Daju pristup:  Operativnim sustavima  LDAP/AD servisi  Bazama podataka  Aplikacijama  VM  Backup  SAN/NAS ...  Koliko ih ima?  Procjena: na 4 admina sa 100 servisa = 400  Tko ima pristup?

3 Prijetnje “Cyber Crime costs can range from $1M to $52M per year per company” Ponemon Institute, First Annual Cost of Cyber Crime Study, July 2010 “Cyber Crime costs can range from $1M to $52M per year per company” Ponemon Institute, First Annual Cost of Cyber Crime Study, July 2010 3 Insiders >Insiders have 2 things hackers don’t: access and trust >Malicious insider attacks can take up to 42 days or more to resolve ( Ponemon Institute, July 2010) Regulativa > Compliance and audit questions are going deeper and wider > On average, non-compliance cost is 2.65 times the cost of compliance (Ponemon Insititute, The True Cost of Compliance, Jan 2011) Cloud Computing > CIO Survey: Security is the single biggest barrier to cloud computing adoption > Migrating to the cloud means losing control over the human factor Vanske prijetnje > Better planned, sophisticated and targeted attacks > Targeting the most valuable assets > Go after the most powerful privileged system accounts

4 ŠTO ŠTITIMO?KAKO?  Povjerljivost  Integritet  Raspoloživost  Sastav  Distribucija i prijenos  Pohrana  Istek  Promjena  Nadzor

5  Discover all privileged accounts across datacenter  Manage and secure every credential  Enforce policies for usage  Record and monitor privileged activities  React and comply

6  Rješenja:  Dijeljeni računi  Svatko svugdje  Specijalizirano rješenje

7 '=============================================== 'Rand - Return a random number in a given range. 'Create "random" password '=============================================== Randomize 'init random number seed High = 9999 ' high number value Low = 2 'low number value Rand = Int((High - Low + 1) * Rnd) + Low strpassword = "Secret" & Rand '=============================================== 'Change password '=============================================== strUser = fullusername 'Enter full name of username strOU = userou 'Enter OU where user's account resides here Set objUser = GetObject("LDAP://CN=" & strUser & ",OU=" & strOU & ",DC=testdomain,DC=local") objUser.SetPassword strpassword '=============================================== 'SEND EMAIL '=============================================== Set objEmail = CreateObject("CDO.Message") objEmail.From = "itsupport-newpassword@yourdomain.com" objEmail.To = "Teacher@yourdomain.com" objEmail.Subject = "PASSWORD CHANGED" objEmail.Textbody = "The password for jsmith has been changed to " & strpassword objEmail.Configuration.Fields.Item _ ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 objEmail.Configuration.Fields.Item _ ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = _ "nycexch02" objEmail.Configuration.Fields.Item _ ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25 objEmail.Configuration.Fields.Update objEmail.Sendhttp://schemas.microsoft.com/cdo/configuration/sendusinghttp://schemas.microsoft.com/cdo/configuration/smtpserverhttp://schemas.microsoft.com/cdo/configuration/smtpserverport

8  PsPasswd  PsPasswd \\computer -u username -p password Username Newpassword  \\*  @file  net user  user_name * /domain  \\ username  dsquery user -samid DoeJ | dsmod user -pwd Pa$$word1!

9 Unified Workflows for Accessing Privileged Accounts 9 External Vendors Unix Admins Business Applications Auditor/ Security & Risk Privileged Identity Management Suite Networ k Devices Virtual Servers Windows Window s Servers Unix Linux Unix /Linux Servers AS400 iSeries Mainframes Databases Applications Security Appliances OS390 zSeries Mainframes AIM Workflow Windows Admins DBAs VM Admins SSH / X / Telnet OPM Workflow AIM Workflow EPV Workflow Monitoring & Reporting Workflow

Download ppt "Predavač: Aram Kanjić. Računi sa širokim ovlastima nad kritičnim sustavima organizacije.  Daju pristup:  Operativnim sustavima  LDAP/AD servisi  Bazama."

Similar presentations

The following is intended to outline our general product direction

The following is intended to outline our general product direction
Copyright line. Configuring Server Roles in Windows 2008 Exam Objectives New Roles in 2008 New Roles in 2008 Read-Only Domain Controllers (RODCs) Read-Only.

Copyright line. Configuring Server Roles in Windows 2008 Exam Objectives New Roles in 2008 New Roles in 2008 Read-Only Domain Controllers (RODCs) Read-Only.
Auditing Microsoft Active Directory

Auditing Microsoft Active Directory
© 2010 Quest Software, Inc. ALL RIGHTS RESERVED Quests solutions for Windows Management Lee Elliott & Jonathan Culver – Technical Account Managers Windows.

© 2010 Quest Software, Inc. ALL RIGHTS RESERVED Quests solutions for Windows Management Lee Elliott & Jonathan Culver – Technical Account Managers Windows.
Security for Mobile Devices

Security for Mobile Devices
Mobile Device Protocol Sunil Vallamkonda 11/19/2012.

Mobile Device Protocol Sunil Vallamkonda 11/19/2012.
Eric J. Oszakiewski MCTS: SharePoint Application Development SharePoint Configuration.

Eric J. Oszakiewski MCTS: SharePoint Application Development SharePoint Configuration.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
Welcome to the GIG Event 1. MICROSOFT ACTIVE DIRECTORY SERVICES Presenter: Avinesh MCP, MCTS 2.

Welcome to the GIG Event 1. MICROSOFT ACTIVE DIRECTORY SERVICES Presenter: Avinesh MCP, MCTS 2.
BalaBit Shell Control Box

BalaBit Shell Control Box
TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.

TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.
Privileged Account Management Jason Fehrenbach, Product Manager.

Privileged Account Management Jason Fehrenbach, Product Manager.
Www.tectia.com COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.

COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.
4/14/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/14/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.

Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.
1 The New Cyber Battleground: Inside Your Network Chad Froomkin Major Account Executive Southeast.

1 The New Cyber Battleground: Inside Your Network Chad Froomkin Major Account Executive Southeast.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility. Simplify authentication.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility. Simplify authentication.
Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.

Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.
Operating System Security Chapter 9. Operating System Security Terms and Concepts An operating system manages and controls access to hardware components.

Operating System Security Chapter 9. Operating System Security Terms and Concepts An operating system manages and controls access to hardware components.
Copyright © 2015 Centrify Corporation. All Rights Reserved. 1 Single Identity – Multiple services how do I stay compliant? Wade Tongen NA Commercial SE.

Copyright © 2015 Centrify Corporation. All Rights Reserved. 1 Single Identity – Multiple services how do I stay compliant? Wade Tongen NA Commercial SE.

Similar presentations

Ads by Google