- Sprint WiMAX service now online in Baltimore
- Nintendo to launch DS with camera, music player
- 50 tools to speed up your PC
- VMware KOs a roughly built Hyper-V package
- Enterprises overpay for antivirus software
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SOA | Value of WDS
|
||||
Privileged IT staffers literally holds the keys to the castle. Access to those keys that open the doors to critical operating system and application resources must be carefully managed and legally audited. Enter the class of products referred to as privilege account management wares.
Privileged access isn't 'single sign-on", which is more of an end-user convenience issue as well as a security spoofing prevention method. PAM products provide controlled privileged access for IT administrators and power users.
Operating systems running on critical servers and even high-end business applications running on Oracle and SQL Server databases don't always have appropriate ticketing systems for granting privileged access. And there's increasing pressure from both internal auditing and government compliance agencies for companies to know who had privileged access, when they had it, and if at all possible, what was done with the access.
Generally, with controlled privileged access, a request is made by IT staff through the PAM product for a privileged account password.
Most products tested require that all requests be approved. Granting such a request may take more than one administrative nod, as some organizations may choose to use several specific individuals or draw from a pool of individuals that must give a recorded stamp of approval before the privileged password is granted.
The privileged password is only granted for a period of time. The password may expire in short order or be automatically updated by the PAM software to something no one (but the system itself) actually knows at all — only the PAM system.
There may need to be verification that the password wasn't changed by the then-privileged user – a check typically accomplished by a shadow privileged account maintained by the PAM system itself -- and perhaps a subsequent action that changes the password and verifies that this has been done so that the new privileged password is known only to the PAM system.
So the key value proposition for any PAM product is access control coupled with referential integrity of privileged passwords.
Easy-to-Use VeriSign(r) Web-Based Services Speed SSL Certificate Management and Cut Total Cost of...
Businesses Bank on SSL SolutionsLearn how financial institutions are helping their customers stay safe from phishing attacks in the...
Ten Ways to Protect Your IT Infrastructure: Reduce Costs while protecting critical business systemsPower, cooling and security issues can put your IT systems at risk. Find out how to provide clean,...
Life on the edge of your WAN has changed dramatically. With the need to deliver advanced services,...
PoE Plus: Impact on the PoE MarketThe standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Key Considerations for a Successful 802.11n DeploymentFind out how to successfully deploy 802.11n to support an all-wireless enterprise in this webcast....
We have so many holes punched in our firewalls today that many industry insiders question the value...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment