BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Active Directory Bridge – A Path To PCI Compliance

Post by Peter McCalister January 12, 2012

What is an Active Directory Bridge and how does it help me with PCI compliance?

What is an Active Directory Bridge?
First, as Gartner discussed at the Gartner Identity and Access Management Summit, Active Directory doesn’t do everything. It is not optimized for UNIX, Linux or Mac OS X and it’s difficult to leverage the Active Directory Kerberos functionality for single sign-on (SSO) on these non-Windows platforms. Active Directory also includes the ability to implement Group Policy for Windows machines which customizes the user settings and place restrictions on the types of activities users can perform. An Active Directory Bridge integrates Linux, UNIX, and Mac OS X desktops and servers into Active Directory extending the full value of Active Directory to these platforms.
PowerBroker Identity Services provides these Active Directory bridge services by allowing a unique ID for authentication, authorization, monitoring and tracking. PowerBroker Identity Services also extends group policies to non-Windows computers so that their security setting and configurations can be centrally managed alongside your Windows systems. PBIS also supports SSO for any enterprise application that is “Kerberos-aware” or LDAP, including Samba, Apache, SSH, Websphere, JBoss, Tomcat, Oracle, and MySQL.

How does an Active Directory Bridge help me with PCI compliance?
The PCI standard includes specific requirements for strictly controlling access to customer data, authenticating business users, monitoring access, maintaining a secure network, and auditing system resources.
Your current compliance implementation may use platform specific systems for authentication; Windows users authenticate with Active Directory, UNIX and Linux users might use NIS, and Mac OS X users may authenticate through Open Directory or an ad hoc Kerberos implementation. When a person joins or leaves the company their identity must be set up or retired on multiple systems in multiple places and it’s easy to miss deprovisioning a user from one of the systems.
Implementing an Active Directory Bridge solution solves this problem. All users and computers are managed in Active Directory. Their access can be managed through Active Directory Group Policy, using the “Allow Logon Rights” policy. And, if someone should leave the company, there is a single place to disable access. An Active Directory Bridge will ease your management burden and ensure that you remain PCI compliant.

PowerBroker Identity Services as a bridge to Active Directory can help you comply with key PCI requirements:
• One user, one ID: Assign a single ID and password to each user and then use that ID to monitor and track the user.
• Authenticate the encrypted passwords of users and groups with the highly secure Kerberos authentication protocol.
• Authorize and control access to resources, including those that contain customer account information.
• Apply group policies to configure Linux, Unix, and Mac OS X computers to comply with PCI DSS requirements.

Together, PowerBroker Identity Services and Active Directory provide a proven Identity Management System to ease management of your mixed network, improve security, and, most important, help you comply with PCI requirements.

Leave a Reply

Additional articles

BI-Qualys-Connector-IMG1

Getting More Value from QualysGuard Vulnerability Data with BeyondInsight v5.1

If your vulnerability assessment scans can’t produce meaningful and actionable reports, performing a scan does no good for anyone. If you’ve read my other blog posts, you know I have no qualms about stating that BeyondTrust provides the best vulnerability reporting in the industry. Ask your favorite analyst and they’ll tend to agree. Of course,…

Post by Morey Haber April 18, 2014
Tags:
, , , , , , , ,
insider-threat-fed

Mitigating Inside Threats to U.S. Federal IT Environments

Recent high-profile cases have increased the perceived risks that go along with disclosure and usage of confidential information. One of the most difficult security threats to mitigate is an attack from the inside. When an over-privileged user, such as an unhappy current or former employee, contractor, or consultant, begins navigating your network, how will you…

Post by BeyondTrust Software April 17, 2014
Tags:
, , , , ,

Are you a Target? Investigating Security Breaches with Kevin Johnson

Last week, over 1,000 IT security professionals watched as Kevin Johnson, CEO of Secure Ideas, presented his expert opinion on lessons learned from recent, high-profile retail breaches. Here’s a summary of key takeaways from the webcast plus an on-demand recording of the full, 60-minute presentation. Understanding the “why” behind attacks According to Kevin, the primary…

Post by Chris Burd April 17, 2014
Tags:
, , , , ,