1 / 45

Safety First:

Safety First:. New Challenges in Securing Your Environment . ACT User Meeting June 2011. V2 User Security. What we will cover. Your entitlements window Entitlements , r oles and v 1 security overview Problems with v 1 security Tasks , j obs and v 2 s ecurity overview

alena
Download Presentation

Safety First:

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Safety First: New Challenges in Securing Your Environment ACT User Meeting June 2011

  2. V2 User Security

  3. What we will cover. • Your entitlements window • Entitlements, roles and v1 security overview • Problems with v1 security • Tasks, jobs and v2 security overview • V2 user administration

  4. Finding your Entitlements window Next 2 slides

  5. Click to view your entitlements

  6. From Account Master (and any screen)...

  7. The Entitlements window shows what entitlements you have for the current screen. Next slide

  8. EntitlementsWindow

  9. The Entitlement window also shows what tasks and jobs hold theseentitlements. Next slide

  10. After double-clicking an entitlement • There is a log that records any change to a user security profile.

  11. What is an Entitlement? • It is a grant to you that entitles you to do “something”. • access a screen. • access a button. • run a batch menu item. • In V1 security, entitlements were granted to usersoneby one on the User Administration screen. But, there are many entitlements...

  12. What is a Role (V1)? • It is a grant to you that allows access to data. (data privileges) • In v1 security, roles were named after job functions. Accounting Attorney

  13. V1 Security • For you to do your job, you were granted each entitlement, oneor more roles,and all BMIs 1 or more roles User40 or more entitlements all batch menu items (BMIs)

  14. Problems with V1 Security • Entitlements may allow you to do something that the roles would not. Screen fails ! • It was up to the user administrator to grant the proper entitlements. Difficult ! • The roles would become outdated. Undependable !

  15. Problems with V1 Security • Roles were very difficult to categorize. “This data is ACCOUNTING and this data is ATTORNEY” • Roles had to be created by ACT. Too general or too specific for different clients

  16. V2 Security • For you to do your job, you are granted oneor more v2 jobs. User 1 or 2 jobs

  17. V2 security userjobtaskentitlementdata privilege entitlement data privilege entitlement entitlement BMI BMI BMI

  18. Task • ACT builds the tasks and verifies them. • A task provides a complete set of entitlements, BMIs and the privileges needed to perform thatfunction.

  19. A task's entitlements, BMIs and data privileges, viewed from the Security Maintenance screen. Next 3 slides

  20. A Task’s Entitlements

  21. A Task’s BMIs

  22. A Task's Data Privileges

  23. Jobs • ACTassembles tasks into jobs. • A job is a complete inventory of tasks for a specific job title (as it relates to ACT).

  24. A job’s tasks,shown from the Security Maintenance screen. Next slide

  25. Jobs

  26. Creating a custom job using the Security Maintenance screen. Next slide

  27. Client Specific Jobs

  28. Granting a job using the Secutiy Administration screen. Next Slide

  29. Granting a job to a user

  30. Fine tuning from the Security Administration screen allows entitlement and BMI changes for the given user. Next slide (shows entitlement s only)

  31. Fine Tuning - Entitlements

  32. Fine tuning allows tasks and data privilege changes from Security Administration Next 2 slides

  33. Fine Tuning - Tasks

  34. Fine Tuning - Privileges

  35. All actions are recorded and are viewable from the Security Administration screen. Next Slide

  36. Grant History

  37. Information SecurityLGB&S, LLP ACT User Meeting June 2011

  38. Agenda • Zeus toolkit video • Security and the End User • Malicious Code – Internet • File Transfer Protocol (FTP) Security

  39. Zeus toolkit

  40. Zeus Lifecycle and Statistics • First identified in 2007, used against US Department of Transportation • Active in 2009, compromising FTP accounts and personal data • Active in 2010-2011, compromising bank and credit card data • Proliferation • Controlled machines are in 196 countries • Targets Windows machines • Availability • Removal and Detection

  41. Security and the End User • Best Practices • Be aware of your environment • Keep your antivirus software up to date • In a corporate environment,use anti-spam technologies • Ensure your computer has the most recent patches • LGB&S solutions • Awareness Training • Forefront • IronMail • SCCM

  42. Malicious Code - Internet • Recent Trends • Browsers without current patches • Trusted sites infected with malicious code • Silent redirects • What can you do? • Keep your browser and its plugins patched • Keep your operating system patched • Investigate and purchase a Web Security Gateway or an IDS which monitors port 80 and 443

  43. FTP Security • Recent Issues • Buffer overflow in FTP Service in Microsoft IIS 5.0 through 6.0 • Heap-based buffer overflow in Microsoft FTP service 7.0 and 7.5 • Stack-based buffer overflow in ProFTPD (Linux) • ProFTPD Backdoor • Prevention • Update and patch vulnerable systems • Disable anonymous connections • Use strong passwords • Use SFTP, FTPS

  44. LGB&S EFT • GlobalScape Enhanced File Transfer Server • Supports • SFTP • FTPS • HTTP/S (Portal) • HTTP/S Web Transfer Client • FTP – LGB&S does not utilize this protocol on this server. • Secure • Complex passwords • User account security • Connection security • PCI compliant • Federal Information Processing Standards (FIPS) 142-2 Compliance

  45. LGB&S EFT • Scheduled patching • Scheduled anti-virus scanning • Configuration control

More Related