BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Active Directory Bridge – A Path To PCI Compliance

Posted January 12, 2012    Peter McCalister

What is an Active Directory Bridge and how does it help me with PCI compliance?

What is an Active Directory Bridge?
First, as Gartner discussed at the Gartner Identity and Access Management Summit, Active Directory doesn’t do everything. It is not optimized for UNIX, Linux or Mac OS X and it’s difficult to leverage the Active Directory Kerberos functionality for single sign-on (SSO) on these non-Windows platforms. Active Directory also includes the ability to implement Group Policy for Windows machines which customizes the user settings and place restrictions on the types of activities users can perform. An Active Directory Bridge integrates Linux, UNIX, and Mac OS X desktops and servers into Active Directory extending the full value of Active Directory to these platforms.
PowerBroker Identity Services provides these Active Directory bridge services by allowing a unique ID for authentication, authorization, monitoring and tracking. PowerBroker Identity Services also extends group policies to non-Windows computers so that their security setting and configurations can be centrally managed alongside your Windows systems. PBIS also supports SSO for any enterprise application that is “Kerberos-aware” or LDAP, including Samba, Apache, SSH, Websphere, JBoss, Tomcat, Oracle, and MySQL.

How does an Active Directory Bridge help me with PCI compliance?
The PCI standard includes specific requirements for strictly controlling access to customer data, authenticating business users, monitoring access, maintaining a secure network, and auditing system resources.
Your current compliance implementation may use platform specific systems for authentication; Windows users authenticate with Active Directory, UNIX and Linux users might use NIS, and Mac OS X users may authenticate through Open Directory or an ad hoc Kerberos implementation. When a person joins or leaves the company their identity must be set up or retired on multiple systems in multiple places and it’s easy to miss deprovisioning a user from one of the systems.
Implementing an Active Directory Bridge solution solves this problem. All users and computers are managed in Active Directory. Their access can be managed through Active Directory Group Policy, using the “Allow Logon Rights” policy. And, if someone should leave the company, there is a single place to disable access. An Active Directory Bridge will ease your management burden and ensure that you remain PCI compliant.

PowerBroker Identity Services as a bridge to Active Directory can help you comply with key PCI requirements:
• One user, one ID: Assign a single ID and password to each user and then use that ID to monitor and track the user.
• Authenticate the encrypted passwords of users and groups with the highly secure Kerberos authentication protocol.
• Authorize and control access to resources, including those that contain customer account information.
• Apply group policies to configure Linux, Unix, and Mac OS X computers to comply with PCI DSS requirements.

Together, PowerBroker Identity Services and Active Directory provide a proven Identity Management System to ease management of your mixed network, improve security, and, most important, help you comply with PCI requirements.

Leave a Reply

Additional articles

powerbroker-difference-2

Why Customers Choose PowerBroker: Low Total Cost of Ownership

Posted September 2, 2015    Scott Lang

In a survey of more than 100 customers, those customers indicated that BeyondTrust’s low powerbroker-difference-2total cost of ownership was a competitive differentiator versus other options in the privileged account management market.

Tags:
, , ,
Larry-Brock-CISO

Passwords: A Hacker’s Best Friend

Posted September 1, 2015    Larry Brock

After all the years of talk about biometrics and multi-factor authentication, we still have passwords and will likely have them for a long time. Because many “high risk” systems require complex passwords (zk7&@1c6), most people that use them believe their passwords are secure. But they aren’t.

Tags:
, ,
CyberResiliency

6 things I like about Gartner’s Cyber Resiliency Strategy

Posted August 27, 2015    Nigel Hedges

There were 6 key principles, or recommendations, that Gartner suggested were important drivers towards a great cyber resiliency posture. I commented more than once during the conference that many of these things were not new. They are all important recommendations that are best when placed together and given to senior management and the board – a critical element of organisations that desperately need to “get it”.

Tags:
,