Enterprise Password Mgmt.
Automated Process Policy Management
APPM Solution Family
Windows 2 Factor login OTP
APPM for ORIS+
APPM for Password
APPM for OTP
APPM for BackupBox
Enterprise Password Management APPM
Global Software Contest “President Award”
Password Management
Create Strong Password
- Use at least eight characters.
- Use a random mixture of characters.
- Don't use a word found in a dictionary.
- Never use the same password twice.
Changing Password
- You should change your password regularly; once a month is reasonable for most purposes.
- You should also change your password whenever you suspect that somebody knows it, or even that they may guess it, for example because they stood behind you while you typed it in.
Protecting Password
- Never store your password on your computer.
- Don't tell anyone your password.
- Never send your password via email.
- Be very careful when entering your password with somebody else in the same room.
Remembering your password
- Remembering passwords is always difficult, and because of this many people are tempted to write them down on bits of paper.
- Use a secure password manager.
- Use a text file encrypted with a strong encryption utility.
- Choose passwords that you find easier to remember.
What is APPM?
To prevent password leaks and meet security compliance standards, the password needs to be changed automatically once it has been used.
Create Strong Password
- Very strong passwords
- Managed and operated by an agentless system
Change Password
- Change by Automated Process Policy
- Change mode: Scheduled, Quick
- Mass server and device password change feature
Remember Password
- Don't remember passwords: request the password!
- APPM checks your ID and OTP (2 factor)
- APPM sends your password
- After your job, APPM can change the password again
Protecting Password
- Disk & data secure encryption
- Redundancy of the appliance for HA (High Availability)
- 3rd backup
- Secured communication
- Protection of the service process
- Audit log of its own
APPM work flow
[Diagram: Password change job flow. Labels: Target systems, Password Repository, Adapter, Web Console, Policy, IT, Security Manager, Auditor. System accounts shown: Unix root, Oracle SYS, Windows Administrator, Firewall admin, Cisco enable. Password labels shown: tops3cr3t (repeated), y7qeF$1lm7yT5wX5$aq+pgviNa9%, Tojsd$5fhOiue^$fgW.]
1. Define the policy to change passwords through the admin console
2. Upload account info, and initialize passwords
3. Check in/out passwords via workload
4. Access through Connection manager
5. Review audit reports
Protect in-house application & batch scripts using APPM API
- Prevent password hacking from internal batch files or application configuration.
- Scripts are able to get the password from APPM through the API.
[Diagram, steps numbered 1 to 4. Labels: APPM, Batch file or Applications, Request Password, Get Password, Change Password, Change the password for applications, Login the system with generated password, Network devices, database. Sample batch file content shown: ftp 192.168.0.1, root/qwer1234.]
Supported devices
APPM for Password provides the feature to change the passwords of enterprise systems such as Unix, Windows, network devices, firewalls, databases, and applications in an agentless manner.
Supported platform
Server: Solaris, HP-UX, AIX, OSF, Linux, Windows XP, Windows7, Windows8, Windows8.1, Win2000, 2003, 2008, 2012, Tandem, Mainframe
Database: Oracle, MS-SQL, MySQL, Sybase, Sybase IQ, Tibero, Altibase
Network/Security devices: Cisco, Juniper, AVAYA, Lucent, Motorola, BROCADE, Paloalto, Genian, MF2-2000, SNIPER-DDX, SNXG400, NXG100V, TrustGuard, WeGuardia, SecureWorks, Subgate, Handreamnet, D-Link, Iptime, OptoWiz, VIA SCOPE, ASTARO … etc
Etc: LDAP, AD, VMWare ESX, Citrix Xen, In-house Application, Web base application (Firewall, IPS, IDS, SAP etc)
Powerful Security Features
APPM has its own firewall for access control, and an integrity feature for the service process and adapters.
[Diagram labels: WINDOWS, UNIX/Linux, Network/Firewall, HTTPS/OTP, SSH2, Physically, Logically.]
Secured Communication: Access control of the administrator, who uses secure communication such as HTTPS, SSH2
2 Factor Authentication: OTP tokens as a secondary authentication when accessing web/mobile
Secure encryption: Password encryption with a selectable algorithm (AES/256, ARIA)
Protection of the service process: The service process cannot be changed (monitoring and alarm)
Adapter script protection: The module for password change cannot be changed (monitoring and alarm)
Audit log of its own: Audit log of the administrator's own actions
Restricted console login: Console login restricted to the management port
Disk bay lock: Disk bays with a physical key lock
3rd Backup via USB: Prepare a 3rd backup on USB for system down
Disk encryption: Full disk encryption against theft
The 3rd Backup through USB – Patent Pending
The 3rd backup through secured USB provides fast recovery, and prevents forgotten passwords after any system failure.
[Diagram, steps numbered 1 to 6. Labels: Password Mgmt. System (Active & Standby), Target Systems, Secure Area, Admin PC, System Down, Standby Active.]
- Password Mgmt. System: The passwords of accounts in the target systems are created and changed in the repository.
- Real Time Backup: The backup module backs up data in real time to USB devices.
- System Down: Take out the USB from the appliance.
- Secure Area, Admin PC: The decryption module makes it possible to see the updated password in the secure area.
- Connection into system: The system admin is able to connect to the system with the decrypted password until the password mgmt. system recovers.
Changed Password Verification – Patent Pending
To prevent forgotten passwords, this feature verifies the change through another session.
Unreliable system
1. Password Mgmt. System: Connection (Telnet, SSH, etc.) with super user and password
2. Try to change the password of specific accounts on the target system; update the new one for particular accounts on the target system
4. Disconnect
5. User: Try to connect with the changed password (Access Fail)
Reliable password change system
1. Password Mgmt. System: Connection (Telnet, SSH, etc.) with super user and password
2. Try to change the password of specific accounts on the target system; update the new one for particular accounts on the target system
3. Test connection through another session with the new password
4. If the connection fails, then send an alert and reset with the previous one
5. If the connection succeeds, then disconnect the session
6. Connect success
7. User: Try to connect with the changed password
Diagram caption (shown twice): Save the new one to its password repository even if the change fails
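The two flows on this slide, as an added example in Python (not APPM code). It assumes the unreliable flow is the one that saves the new password to the repository even when the change fails; FakeTarget, its fault modes and all passwords are constructed for illustration.

```python
import hmac
import secrets
import string

SYMBOLS = "$%^+"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def generate_password(length=24):
    """Random password containing at least one digit and one symbol."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw):
            return pw


class FakeTarget:
    """Constructed stand-in for a target system reached over Telnet/SSH."""

    def __init__(self, account, password, fault=None):
        self._pw = {account: password}
        self.fault = fault  # None, "silent_reject" or "strip_symbols"

    def login(self, account, password):
        stored = self._pw.get(account)
        if stored is None:
            return False
        return hmac.compare_digest(stored.encode(), password.encode())

    def set_password(self, account, new_password):
        """Issued through the super-user session, which is assumed open."""
        if self.fault == "silent_reject":
            return  # command appears to work, password stays unchanged
        if self.fault == "strip_symbols":
            # e.g. a terminal or shell layer that swallows special characters
            new_password = "".join(c for c in new_password if c.isalnum())
        self._pw[account] = new_password


def naive_rotate(target, repo, account):
    """Flow without verification: the repository is updated regardless."""
    new = generate_password()
    target.set_password(account, new)
    repo[account] = new
    return "SAVED_UNVERIFIED"


def verified_rotate(target, repo, account, alerts):
    """Change, test the new password in a second session, then commit."""
    old, new = repo[account], generate_password()
    target.set_password(account, new)      # step 2: change on the target
    if target.login(account, new):         # step 3: test via another session
        repo[account] = new                # commit only after proof
        return "ROTATED"
    target.set_password(account, old)      # step 4: reset with previous one
    if target.login(account, old):
        alerts.append((account, "change failed, previous password restored"))
        return "ROLLED_BACK"
    alerts.append((account, "change and reset both failed, manual recovery"))
    return "ROLLBACK_FAILED"


def demo(old="OldPassw0rd"):
    """Map fault -> (naive repo usable?, verified status, verified repo usable?)."""
    out = {}
    for fault in (None, "silent_reject", "strip_symbols"):
        t1, r1 = FakeTarget("root", old, fault), {"root": old}
        naive_rotate(t1, r1, "root")
        t2, r2, alerts = FakeTarget("root", old, fault), {"root": old}, []
        status = verified_rotate(t2, r2, "root", alerts)
        out[fault] = (t1.login("root", r1["root"]), status,
                      t2.login("root", r2["root"]))
    return out


if __name__ == "__main__":
    for fault, result in demo().items():
        print(fault, result)
```

With either fault the unverified flow leaves the repository holding a password that no longer logs in, while the verified flow keeps a working one; `ROLLBACK_FAILED` covers the case where the reset itself is altered by the target and needs manual recovery.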
Site Study (I) – oo Bank
At OO Bank, the admin account passwords of each Unix server, DBMS, security system and network device are managed by APPM.
[Diagram labels: Worker, Network Admin, Security Admin, UNIX Server Mgr, DBMS Manager, Login, SSO connection, password issuance system web portal service, Password creation, One-time Password Mgr, Password & OTP 2 factor Authentication, VIP, Real time replication, APPM-2000 Master, APPM-2000 Slave, USB 3rd backup, service equipment (UNIX, Linux; Oracle, Sybase, Sybase IQ), network equipment, security equipment.]
① Password request
② Issuance approval
③ Password return
Operation platform
Server: Solaris, HP-UX, AIX, Linux
Database: Oracle, Sybase, Sybase IQ
Network and security devices: Cisco, AVAYA, BROCADE, ERS5200, ERS8600, MF2-2000, SNIPER-DDX, SNXG400, NXG100V
Site Study (II) – Financial Supervisory Service
The passwords of the Financial Supervisory Service's DART service system are managed by APPM.
[Diagram labels: Worker, Network Operator, Security Operator, Database Operator, Unix Server Operator, Login, OTP 2 factor, password issuance system web portal service, Password Create, one-time password management, VIP, real-time data replication, APPM-3000 Master, APPM-3000 Slave, USB 3rd backup, DART service equipment (Unix, Unix & DBMS, Network, Firewall etc.).]
① Request Password
② Approval
③ Accept Password
Platform
Server: AIX
Site Study (III) – SS Electronic Global
The passwords of SS Electronic's large network equipment are managed by APPM.
[Diagram labels: Worker, Unix Server Operator, Network Operator, Security Operator, Login, APPM web access, password issuance system web portal service, Password creator, periodic password management, APPM-1000, USB 3rd backup, Access Control System, Access control Client login, service equipment (Linux, Network, Security, Windows, WINDOWS Server).]
① Login
② Check password
③ Connect using the issued password
④ Access Control Password
⑤ Auto login by ACS
Platform
Server: Windows 2000, 2003, 2008, Linux
Network and security devices: Cisco, Alteon, AVAYA, BROCADE, Astro, Motorola, Optowiz, Secui, Handreamnet, Snxg400, Subgate, via scope
Reference Site