Authority on Demand Flexible Access Control Solution

PowerPoint Slideshow about 'Authority on Demand Flexible Access Control Solution' - hop-foreman


Presentation Transcript
The Challenge

Emergency access to critical application data and processes is a very common security breach which is uncovered in System i audits.

Currently, manual approaches to this problem are not only error-prone, but also do not comply with regulations and auditors’ often stringent security requirements.

System i sites define users’ security levels and allocate security rights corresponding to the different job responsibilities in the organization.

AOD Features
  • Easy to Use - simplifies granting special authorities when necessary, and incorporates easy-to-use reporting and monitoring mechanisms.
  • Add/Swap Security Levels (unique to iSecurity AOD) - grants a new security authority level or adds additional security rights on request.
  • Authority Transfer Rules & Providers - enables pre-defining special authority "providers" and special authority transfer rules.
  • Safe Recovery from Emergency - enables recovering from different types of emergency situations with minimum risk of human error.
  • Full Monitoring Capabilities - logs and monitors all relevant activities, and sends audit reports and real-time e-mail alerts when employees request higher authority.
  • Part of End-to-End Solution - solidifies iSecurity's position as the most comprehensive security solution for System i environments.
  • Intuitive GUI Interface - suitable for non-technical staff.
  • Controlled Access - allows only relevant personnel to access critical data.
Without Authority on Demand: Inefficient Work Mode

Authority Request Rejected

Richard Garner

Busy IT Manager

Sam Evans

Programmer

Has authorities for Test & Development

Needs authorities for Production once a week

Hi Sam… temporary authorities for the Production folder? Hmmm, I don’t have time now… maybe next week.

With Authority on Demand: Automatic Granting of Special Authorities

Let’s define authority rules: When Sam Evans requests authority for Production Folder between 8AM-16:30PM, the system will automatically grant it…

Uh, Richard, I need authorities for the Production folder again…

Requesting Special Authority…

Now that we have AOD, I’ll request authority… Wow, this is so much easier than calling up Richard…

Effective Monitoring of Special Authorities

Finally, I don’t have to waste my time on granting special authorities… the whole process is automatic and I can see a full log of Sam’s authority requests and even screen captures!

Authority on Demand Log

DANA start add authority of user QSECOFR in job 456789/DANA/QPADEV0003.

Reason: Need to check problem in production system.

Confirmation ID: 5634

Time: 11/03/08 22:40

Attachment 1 – Command entered

Attachment 2 – Captured Screens

Attachment 3 – DB Records changes

DANA end add authority of user QSECOFR in job 456789/DANA/QPADEV0003.

Time: 11/03/08 23:19

ID: 653

Command entered

ID: 653, Attachment 1

Captured Screens

ID: 653, Attachment 2

DB Records changes

ID: 653, Attachment 3

* Other attachment options available (all QAUDJRN information, summary of changes made by Ad-Hoc utilities…)
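
An added example, not part of the original presentation or the vendor's code: pairing the start/end messages shown in the log above to surface elevated sessions that ran long or never logged an end. The one-line `<time> <message>` layout, the MM/DD/YY reading of the date, the one-hour threshold, and the SAM/PRODOWNER records are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the wording of the log slide above.
# Assumption: each event is flattened to "<time> <message>" and the
# date is MM/DD/YY; adjust TIME_FMT to your system's date format.
SAMPLE_LOG = """\
11/03/08 22:40 DANA start add authority of user QSECOFR in job 456789/DANA/QPADEV0003.
11/03/08 23:19 DANA end add authority of user QSECOFR in job 456789/DANA/QPADEV0003.
11/04/08 09:05 SAM start add authority of user PRODOWNER in job 456801/SAM/QPADEV0007.
11/04/08 13:45 SAM end add authority of user PRODOWNER in job 456801/SAM/QPADEV0007.
11/04/08 21:10 DANA start add authority of user QSECOFR in job 456950/DANA/QPADEV0004.
"""

TIME_FMT = "%m/%d/%y %H:%M"
EVENT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d) (?P<requester>\S+) (?P<phase>start|end) "
    r"add authority of user (?P<provider>\S+) in job (?P<job>\S+?)\.?$"
)

def review_sessions(log_text, max_duration=timedelta(hours=1)):
    """Pair start/end events per job; return (closed sessions, findings)."""
    open_sessions, sessions, findings = {}, [], []
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # not an authority start/end event
        ts = datetime.strptime(m["ts"], TIME_FMT)
        key = (m["requester"], m["provider"], m["job"])
        if m["phase"] == "start":
            open_sessions[key] = ts
        elif key in open_sessions:
            duration = ts - open_sessions.pop(key)
            sessions.append((*key, duration))
            if duration > max_duration:
                findings.append(("LONG_SESSION", *key))
        else:
            findings.append(("END_WITHOUT_START", *key))
    # Anything still open never logged an "end": elevated rights may persist.
    findings.extend(("NO_END", *key) for key in open_sessions)
    return sessions, findings

if __name__ == "__main__":
    for finding in review_sessions(SAMPLE_LOG)[1]:
        print(finding)
```
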

Work with Authority Rules

Select Authority Rule to modify.

Modify an Authority Rule

Each field needs to be explained individually; “Add authority of Provider” is unique to AOD and ensures that logged info relates to the requester.

Modify an Authority Rule

Important note below.

Work with Authority Providers

Select an Authority Provider to modify.

Request to obtain Authority (GETAOD)

Requestor must enter the name of the Authority provider and either a PIN Code (with Reason *BYPIN) or Reason text.

GETAOD was successful

Feedback message below.

GETAOD was not successful

Feedback message below.

Display AOD Log Entries

Option 41 from the Main Menu is used to Display AOD log entries; can be filtered by requester or provider.

Sample AOD Log Entries

Sample AOD Log Entries; F10 provides details.

Select type of AOD Log entries to Display

Note the numerous possibilities for displaying AOD log entries.

Audit Log for one Get AOD request

This is the QAUDJRN log for one AOD request.

Option 43: Print Log

AOD log contains “pointers” (i.e. attachments) to the appropriate QAUDJRN log.

Print output of QAUDJRN

This is the printed QAUDJRN log for a single AOD request.

Showing “Captured” Screen Image

This is an actual screen “Capture” of using AOD (back version).

Another “Captured” Screen Image

This is one of the user screens “Captured” (frame 11 in the Capture log file).

AOD System Configuration Screen

Option 81 from the AOD Main Menu.

General Definitions Configuration Screen

Note various general definition parameters.

Exit Programs Configuration Screen

AOD allows for site-specific exit program overrides.

AOD Log Retention Configuration Screen

Set the Log Retention period using this screen.

E-mail Definitions Configuration Screen

An appropriate license must be signed with a local ISP.

SYSLOG Definitions

SYSLOG attributes are defined using Option 8121 from the main menu.

SYSLOG Messages

These are the SYSLOG messages written when authority was added.

Work with AOD Operators

Select an AOD Operator to modify.

Modify AOD Operator Rights

Full product usage, Emergency usage or use as an Auditor (read-only).

Emergency Operator Screen

Current user has been defined as Emergency operator, only 1 rule can be modified.

Modify Rule by Emergency Operator

Modify the rule which relates to this Emergency operator; other rules cannot be modified.

Auditor Screen

No changes may be made to rules.

Modify Authority Rules screen disabled

All input fields are disabled in this mode.

Thank You!

Please visit us at

www.razlee.com