Safety First: New Challenges in Securing Your Environment
ACT User Meeting, June 2011
What we will cover
• Your entitlements window
• Entitlements, roles and v1 security overview
• Problems with v1 security
• Tasks, jobs and v2 security overview
• V2 user administration
Finding your Entitlements window (next 2 slides)
The Entitlements window shows what entitlements you have for the current screen. (next slide)
The Entitlements window also shows which tasks and jobs hold these entitlements. (next slide)
After double-clicking an entitlement
• There is a log that records any change to a user security profile.
What is an Entitlement?
• It is a grant to you that entitles you to do “something”:
  • access a screen
  • access a button
  • run a batch menu item
• In V1 security, entitlements were granted to users one by one on the User Administration screen. But there are many entitlements...
What is a Role (V1)?
• It is a grant to you that allows access to data (data privileges).
• In v1 security, roles were named after job functions, e.g. Accounting, Attorney.
V1 Security
• For you to do your job, you were granted each entitlement, one or more roles, and all BMIs.
Diagram: User → 1 or more roles; 40 or more entitlements; all batch menu items (BMIs)
Problems with V1 Security
• Entitlements may allow you to do something that the roles would not. Screen fails!
• It was up to the user administrator to grant the proper entitlements. Difficult!
• The roles would become outdated. Undependable!
Problems with V1 Security
• Roles were very difficult to categorize. “This data is ACCOUNTING and this data is ATTORNEY”
• Roles had to be created by ACT. Too general or too specific for different clients.
V2 Security
• For you to do your job, you are granted one or more v2 jobs.
Diagram: User → 1 or 2 jobs
V2 security
Diagram: user → job → task → entitlements, data privileges and BMIs
Task
• ACT builds the tasks and verifies them.
• A task provides a complete set of entitlements, BMIs and the data privileges needed to perform that function.
A task's entitlements, BMIs and data privileges, viewed from the Security Maintenance screen. (next 3 slides)
Jobs
• ACT assembles tasks into jobs.
• A job is a complete inventory of tasks for a specific job title (as it relates to ACT).
Fine tuning from the Security Administration screen allows entitlement and BMI changes for the given user. (next slide shows entitlements only)
Fine tuning also allows task and data privilege changes from the Security Administration screen. (next 2 slides)
All actions are recorded and are viewable from the Security Administration screen. (next slide)
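The v2 model on the preceding slides (user → jobs → tasks → entitlements, BMIs and data privileges, plus per-user fine tuning and a change log) can be worked through as an added example; this is illustrative code written for this page, not ACT's implementation, and the task, job and grant names are hypothetical. The check at the end flags the v1 "screen fails" situation, where a user holds an entitlement but no longer holds the data privileges its task needs.

```python
from dataclasses import dataclass, field

EMPTY = {"add": set(), "remove": set()}

# Constructed catalogue with hypothetical names: ACT builds tasks (a complete set of
# entitlements, BMIs and data privileges for one function) and assembles them into jobs.
TASKS = {
    "Post invoices": {"entitlements": {"INVOICE_SCREEN", "POST_BUTTON"},
                      "bmis": {"INVOICE_BATCH"}, "privileges": {"ACCOUNTING_DATA"}},
    "Review matters": {"entitlements": {"MATTER_SCREEN"},
                       "bmis": set(), "privileges": {"ATTORNEY_DATA"}},
}
JOBS = {"Accounting clerk": {"Post invoices"}, "Attorney": {"Review matters"}}


@dataclass
class User:
    name: str
    jobs: set                                   # one or two v2 jobs
    tuning: dict = field(default_factory=dict)  # per-user adds/removes, keyed by kind
    log: list = field(default_factory=list)     # every change is recorded and viewable

    def fine_tune(self, kind, action, item):
        """Security Administration fine tuning; kind is tasks/entitlements/bmis/privileges."""
        entry = self.tuning.setdefault(kind, {"add": set(), "remove": set()})
        entry[action].add(item)
        self.log.append((self.name, kind, action, item))


def effective_profile(user):
    """Resolve user -> jobs -> tasks -> grants, then apply the user's fine tuning."""
    granted = set().union(*(JOBS[j] for j in user.jobs))
    tune = user.tuning.get("tasks", EMPTY)
    profile = {"tasks": (granted | tune["add"]) - tune["remove"]}
    for kind in ("entitlements", "bmis", "privileges"):
        granted = set().union(*(TASKS[t][kind] for t in profile["tasks"]))
        tune = user.tuning.get(kind, EMPTY)
        profile[kind] = (granted | tune["add"]) - tune["remove"]
    return profile


def dangling_entitlements(user):
    """Entitlements not backed by a task whose data privileges the user still holds:
    the v1 'screen fails' situation that careless fine tuning can reintroduce."""
    profile = effective_profile(user)
    backed = set()
    for task in profile["tasks"]:
        if TASKS[task]["privileges"] <= profile["privileges"]:
            backed |= TASKS[task]["entitlements"]
    return profile["entitlements"] - backed
```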
Information Security
LGB&S, LLP
ACT User Meeting, June 2011
Agenda
• Zeus toolkit video
• Security and the End User
• Malicious Code – Internet
• File Transfer Protocol (FTP) Security
Zeus Lifecycle and Statistics
• First identified in 2007, used against US Department of Transportation
• Active in 2009, compromising FTP accounts and personal data
• Active in 2010-2011, compromising bank and credit card data
• Proliferation
  • Controlled machines are in 196 countries
  • Targets Windows machines
• Availability
• Removal and Detection
Security and the End User
• Best Practices
  • Be aware of your environment
  • Keep your antivirus software up to date
  • In a corporate environment, use anti-spam technologies
  • Ensure your computer has the most recent patches
• LGB&S solutions
  • Awareness Training
  • Forefront
  • IronMail
  • SCCM
Malicious Code – Internet
• Recent Trends
  • Browsers without current patches
  • Trusted sites infected with malicious code
  • Silent redirects
• What can you do?
  • Keep your browser and its plugins patched
  • Keep your operating system patched
  • Investigate and purchase a Web Security Gateway or an IDS which monitors ports 80 and 443
FTP Security
• Recent Issues
  • Buffer overflow in FTP Service in Microsoft IIS 5.0 through 6.0
  • Heap-based buffer overflow in Microsoft FTP service 7.0 and 7.5
  • Stack-based buffer overflow in ProFTPD (Linux)
  • ProFTPD Backdoor
• Prevention
  • Update and patch vulnerable systems
  • Disable anonymous connections
  • Use strong passwords
  • Use SFTP, FTPS
LGB&S EFT
• GlobalScape Enhanced File Transfer Server
• Supports
  • SFTP
  • FTPS
  • HTTP/S (Portal)
  • HTTP/S Web Transfer Client
  • FTP – LGB&S does not utilize this protocol on this server.
• Secure
  • Complex passwords
  • User account security
  • Connection security
  • PCI compliant
  • Federal Information Processing Standards (FIPS) 140-2 compliance
LGB&S EFT
• Scheduled patching
• Scheduled anti-virus scanning
• Configuration control