BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Active Directory Bridge – A Path To PCI Compliance

Posted January 12, 2012    Peter McCalister

What is an Active Directory Bridge and how does it help me with PCI compliance?

What is an Active Directory Bridge?
First, as Gartner discussed at the Gartner Identity and Access Management Summit, Active Directory doesn’t do everything. It is not optimized for UNIX, Linux or Mac OS X and it’s difficult to leverage the Active Directory Kerberos functionality for single sign-on (SSO) on these non-Windows platforms. Active Directory also includes the ability to implement Group Policy for Windows machines which customizes the user settings and place restrictions on the types of activities users can perform. An Active Directory Bridge integrates Linux, UNIX, and Mac OS X desktops and servers into Active Directory extending the full value of Active Directory to these platforms.
PowerBroker Identity Services provides these Active Directory bridge services by allowing a unique ID for authentication, authorization, monitoring and tracking. PowerBroker Identity Services also extends group policies to non-Windows computers so that their security setting and configurations can be centrally managed alongside your Windows systems. PBIS also supports SSO for any enterprise application that is “Kerberos-aware” or LDAP, including Samba, Apache, SSH, Websphere, JBoss, Tomcat, Oracle, and MySQL.

How does an Active Directory Bridge help me with PCI compliance?
The PCI standard includes specific requirements for strictly controlling access to customer data, authenticating business users, monitoring access, maintaining a secure network, and auditing system resources.
Your current compliance implementation may use platform specific systems for authentication; Windows users authenticate with Active Directory, UNIX and Linux users might use NIS, and Mac OS X users may authenticate through Open Directory or an ad hoc Kerberos implementation. When a person joins or leaves the company their identity must be set up or retired on multiple systems in multiple places and it’s easy to miss deprovisioning a user from one of the systems.
Implementing an Active Directory Bridge solution solves this problem. All users and computers are managed in Active Directory. Their access can be managed through Active Directory Group Policy, using the “Allow Logon Rights” policy. And, if someone should leave the company, there is a single place to disable access. An Active Directory Bridge will ease your management burden and ensure that you remain PCI compliant.

PowerBroker Identity Services as a bridge to Active Directory can help you comply with key PCI requirements:
• One user, one ID: Assign a single ID and password to each user and then use that ID to monitor and track the user.
• Authenticate the encrypted passwords of users and groups with the highly secure Kerberos authentication protocol.
• Authorize and control access to resources, including those that contain customer account information.
• Apply group policies to configure Linux, Unix, and Mac OS X computers to comply with PCI DSS requirements.

Together, PowerBroker Identity Services and Active Directory provide a proven Identity Management System to ease management of your mixed network, improve security, and, most important, help you comply with PCI requirements.

Leave a Reply

Additional articles

Integrating Least Privilege and Password Management to Solve Account Security Challenges

Integrating Least Privilege and Password Management to Solve Account Security Challenges

Posted July 24, 2014    Morey Haber

There is a reason all BeyondTrust Privileged Account Management (PAM) solutions share the PowerBroker name: They all inherently enable you to reduce user-based risk and can be integrated under a centralized IT risk management platform. Here’s one common use case that demonstrates how this integration changes the playing field. Consider the challenge of privileged access:…

Tags:
, , , , ,
PowerBroker Password Safe Password Age Report

Reshaping Privileged Password Management with Password Safe 5.2

Posted July 21, 2014    Martin Cannard

Today, we’re pleased to unveil the latest edition of our privileged password management solution, PowerBroker Password Safe. I’ll start with a brief intro of what’s new and then tell you a little about the driving factors behind Password Safe development. New features for mitigating password risk and ensuring accountability enterprise-wide Here’s the 10,000-foot overview of…

Tags:
, , ,
PowerBroker for Windows tamper protection

PowerBroker for Windows 6.6 Tamper Protection

Posted July 18, 2014    Morey Haber

I have a bone to pick: Stopping an administrator from performing an action on a system is futile endeavor. As an administrator, there is always a way to circumvent a solution’s from tampered protection. Really! By default, Windows administrators have unrestricted access to the system – and even though an application, hardened configuration, or group policy…

Tags:
, ,