BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Active Directory Bridge – A Path To PCI Compliance

Posted January 12, 2012    Peter McCalister

What is an Active Directory Bridge and how does it help me with PCI compliance?

What is an Active Directory Bridge?
First, as Gartner discussed at the Gartner Identity and Access Management Summit, Active Directory doesn’t do everything. It is not optimized for UNIX, Linux or Mac OS X and it’s difficult to leverage the Active Directory Kerberos functionality for single sign-on (SSO) on these non-Windows platforms. Active Directory also includes the ability to implement Group Policy for Windows machines which customizes the user settings and place restrictions on the types of activities users can perform. An Active Directory Bridge integrates Linux, UNIX, and Mac OS X desktops and servers into Active Directory extending the full value of Active Directory to these platforms.
PowerBroker Identity Services provides these Active Directory bridge services by allowing a unique ID for authentication, authorization, monitoring and tracking. PowerBroker Identity Services also extends group policies to non-Windows computers so that their security setting and configurations can be centrally managed alongside your Windows systems. PBIS also supports SSO for any enterprise application that is “Kerberos-aware” or LDAP, including Samba, Apache, SSH, Websphere, JBoss, Tomcat, Oracle, and MySQL.

How does an Active Directory Bridge help me with PCI compliance?
The PCI standard includes specific requirements for strictly controlling access to customer data, authenticating business users, monitoring access, maintaining a secure network, and auditing system resources.
Your current compliance implementation may use platform specific systems for authentication; Windows users authenticate with Active Directory, UNIX and Linux users might use NIS, and Mac OS X users may authenticate through Open Directory or an ad hoc Kerberos implementation. When a person joins or leaves the company their identity must be set up or retired on multiple systems in multiple places and it’s easy to miss deprovisioning a user from one of the systems.
Implementing an Active Directory Bridge solution solves this problem. All users and computers are managed in Active Directory. Their access can be managed through Active Directory Group Policy, using the “Allow Logon Rights” policy. And, if someone should leave the company, there is a single place to disable access. An Active Directory Bridge will ease your management burden and ensure that you remain PCI compliant.

PowerBroker Identity Services as a bridge to Active Directory can help you comply with key PCI requirements:
• One user, one ID: Assign a single ID and password to each user and then use that ID to monitor and track the user.
• Authenticate the encrypted passwords of users and groups with the highly secure Kerberos authentication protocol.
• Authorize and control access to resources, including those that contain customer account information.
• Apply group policies to configure Linux, Unix, and Mac OS X computers to comply with PCI DSS requirements.

Together, PowerBroker Identity Services and Active Directory provide a proven Identity Management System to ease management of your mixed network, improve security, and, most important, help you comply with PCI requirements.

Leave a Reply

Additional articles

Ponemon_Report

Big Surprise: Cost of Data Breaches Up; Are you Doing the *Right* Things to Mitigate the Costs?

Posted May 28, 2015    Scott Lang

Ponemon Institute Cost of Data Breach Study – costs are going up – to the tune of a 23% increase in total costs of data breaches, and a 12% increase in per-record cost since 2013. Are you doing the right things to mitigate costs?

Tags:
, ,
IRS-Data-Breach

The tip of the IRS data breach – and it IS an iceberg

Posted May 27, 2015    Morey Haber

The IRS has been warned for decades about their security best practices. And now, at least 100,000 Americans have had their records compromised. How? The IRS uses a service called “Get Transcript”.

Tags:
, , ,
dave-shackleford-headshot

Tales from the Datacenter: Vulnerability Management Nightmares

Posted May 27, 2015    Dave Shackleford

Vulnerability scanning, threat management, risk analysis, patching, and configuration management are some of the major activities usually associated with vulnerability management, and none of these are new…so why are we failing so badly at many of them?

Tags:
, ,