TRANSCRIPT
Safety First:
ACT User Meeting, June 2011
New Challenges in Securing Your Environment
V2 User Security
3
What we will cover.
• Your entitlements window
• Entitlements, roles and v1 security overview
• Problems with v1 security
• Tasks, jobs and v2 security overview
• V2 user administration
4
Next 2 slides
Finding your Entitlements window
5
Click to view your entitlements
6
From Account Master (and any screen)...
7
Next slide
The Entitlements window shows what entitlements you have for the current screen.
8
Entitlements Window
9
Next slide
The Entitlement window also shows what tasks and jobs hold these entitlements.
10
After double-clicking an entitlement
There is a log that records any change to a user security profile.
11
What is an Entitlement?
• It is a grant to you that entitles you to do “something”.
  • access a screen
  • access a button
  • run a batch menu item
• In V1 security, entitlements were granted to users one by one on the User Administration screen. But, there are many entitlements...
12
What is a Role (V1)?
• It is a grant to you that allows access to data. (data privileges)
• In v1 security, roles were named after job functions.
Accounting, Attorney
13
V1 Security
• For you to do your job, you were granted each entitlement, one or more roles, and all BMIs
User: 1 or more roles, 40 or more entitlements, all batch menu items (BMIs)
14
Problems with V1 Security
• Entitlements may allow you to do something that the roles would not.
Screen fails!
• It was up to the user administrator to grant the proper entitlements.
Difficult!
• The roles would become outdated.
Undependable!
15
Problems with V1 Security
• Roles were very difficult to categorize. “This data is ACCOUNTING and this data is ATTORNEY”
• Roles had to be created by ACT. Too general or too specific for different clients
16
V2 Security
• For you to do your job, you are granted one or more v2 jobs.
User: 1 or 2 jobs
17
V2 security
user → job → task → entitlements, data privileges, BMIs
18
Task
• ACT builds the tasks and verifies them.
• A task provides a complete set of entitlements, BMIs and the privileges needed to perform that function.
19
Next 3 slides
A task's entitlements, BMIs and data privileges, viewed from the Security Maintenance screen.
20
A Task’s Entitlements
21
A Task’s BMIs
22
A Task's Data Privileges
23
Jobs
• ACT assembles tasks into jobs.
• A job is a complete inventory of tasks for a specific job title (as it relates to ACT).
24
Next slide
A job’s tasks, shown from the Security Maintenance screen.
25
Jobs
26
Next slide
Creating a custom job using the Security Maintenance screen.
27
Client Specific Jobs
28
Next Slide
Granting a job using the Security Administration screen.
29
Granting a job to a user
30
Next slide (shows entitlements only)
Fine tuning from the Security Administration screen allows entitlement and BMI changes for the given user.
31
Fine Tuning - Entitlements
32
Next 2 slides
Fine tuning allows tasks and data privilege changes from Security Administration
33
Fine Tuning - Tasks
34
Fine Tuning - Privileges
35
Next Slide
All actions are recorded and are viewable from the Security Administration screen.
36
Grant History
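The v2 model on the preceding slides (user → job → task → entitlements, BMIs, data privileges), the fine tuning layered on top of it, and the grant history can be shown as a small resolver. The code below is an added illustration, not ACT's own code or data model; every task, job, screen, privilege and user name in it is constructed, and the rule that a screen entitlement depends on a particular data privilege is an assumption used to reproduce the "screen fails" problem from the V1 slides.

```python
"""Toy model of the V2 security hierarchy described in the slides:
user -> job -> task -> {entitlements, BMIs, data privileges}.
Every name below (tasks, jobs, screens, privileges, users) is constructed
for illustration and is not taken from the ACT product."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Task:
    """A verified bundle: everything needed to perform one function."""
    name: str
    entitlements: frozenset
    bmis: frozenset
    privileges: frozenset


@dataclass(frozen=True)
class Job:
    """A complete inventory of tasks for one job title."""
    name: str
    tasks: tuple


# Assumed rule: which data privilege each screen entitlement depends on.
# In v1 a user could hold the entitlement without the privilege -> screen fails.
SCREEN_REQUIRES = {
    "screen:account_master": "read:account",
    "screen:post_payment": "write:ledger",
}


@dataclass
class UserProfile:
    user: str
    jobs: list = field(default_factory=list)
    # Fine tuning from Security Administration, layered on top of the jobs.
    added_entitlements: set = field(default_factory=set)
    removed_entitlements: set = field(default_factory=set)
    added_privileges: set = field(default_factory=set)
    # Grant history: every change to the profile is recorded here.
    history: list = field(default_factory=list)

    def _record(self, action, detail, admin):
        self.history.append({"action": action, "detail": detail, "by": admin})

    def grant_job(self, job, admin):
        self.jobs.append(job)
        self._record("grant_job", job.name, admin)

    def fine_tune(self, admin, add_ent=(), remove_ent=(), add_priv=()):
        self.added_entitlements.update(add_ent)
        self.removed_entitlements.update(remove_ent)
        self.added_privileges.update(add_priv)
        self._record("fine_tune", {"add_ent": sorted(add_ent),
                                   "remove_ent": sorted(remove_ent),
                                   "add_priv": sorted(add_priv)}, admin)


def effective_grants(profile):
    """Resolve user -> jobs -> tasks into the flat sets a screen would check."""
    ents, bmis, privs = set(), set(), set()
    for job in profile.jobs:
        for task in job.tasks:
            ents |= task.entitlements
            bmis |= task.bmis
            privs |= task.privileges
    ents = (ents | profile.added_entitlements) - profile.removed_entitlements
    privs |= profile.added_privileges
    return ents, bmis, privs


def screens_that_would_fail(profile):
    """Entitlements the user holds whose required data privilege is missing."""
    ents, _, privs = effective_grants(profile)
    return {e: SCREEN_REQUIRES[e] for e in ents
            if e in SCREEN_REQUIRES and SCREEN_REQUIRES[e] not in privs}


# Constructed tasks and job (names are illustrative only).
MAINTAIN_ACCOUNTS = Task("maintain_accounts",
                         frozenset({"screen:account_master", "button:save_account"}),
                         frozenset({"bmi:account_report"}),
                         frozenset({"read:account", "write:account"}))
POST_PAYMENTS = Task("post_payments",
                     frozenset({"screen:post_payment"}),
                     frozenset({"bmi:payment_batch"}),
                     frozenset({"read:account", "write:ledger"}))
ACCOUNTING_CLERK = Job("accounting_clerk", (MAINTAIN_ACCOUNTS, POST_PAYMENTS))


def v2_user():
    """V2 path: one job grants a consistent set; fine tuning removes one button."""
    p = UserProfile("alice")
    p.grant_job(ACCOUNTING_CLERK, admin="sec_admin")
    p.fine_tune(admin="sec_admin", remove_ent={"button:save_account"})
    return p


def v1_style_user():
    """V1 path: an entitlement granted by itself, the data privilege never granted."""
    p = UserProfile("bob")
    p.fine_tune(admin="user_admin", add_ent={"screen:account_master"})
    return p


if __name__ == "__main__":
    for p in (v2_user(), v1_style_user()):
        print(p.user, effective_grants(p), screens_that_would_fail(p), p.history)
```

Because a task carries its entitlements, BMIs and data privileges together, the v2 user never holds a screen without the privilege that screen needs; the v1-style profile, built one entitlement at a time, is exactly the case the "Screen fails!" slide describes, and the history list is the per-user record the Grant History slide refers to.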
Information Security
LGB&S, LLP
ACT User Meeting, June 2011
38
Agenda
• Zeus toolkit video
• Security and the End User
• Malicious Code – Internet
• File Transfer Protocol (FTP) Security
39
Zeus toolkit
40
Zeus Lifecycle and Statistics
• First identified in 2007, used against US Department of Transportation
• Active in 2009, compromising FTP accounts and personal data
• Active in 2010-2011, compromising bank and credit card data
• Proliferation
  • Controlled machines are in 196 countries
  • Targets Windows machines
• Availability
• Removal and Detection
41
Security and the End User
• Best Practices
  • Be aware of your environment
  • Keep your antivirus software up to date
  • In a corporate environment, use anti-spam technologies
  • Ensure your computer has the most recent patches
• LGB&S solutions
  • Awareness Training
  • Forefront
  • IronMail
  • SCCM
42
Malicious Code - Internet
• Recent Trends
  • Browsers without current patches
  • Trusted sites infected with malicious code
  • Silent redirects
• What can you do?
  • Keep your browser and its plugins patched
  • Keep your operating system patched
  • Investigate and purchase a Web Security Gateway or an IDS which monitors port 80 and 443
43
FTP Security
• Recent Issues
  • Buffer overflow in FTP Service in Microsoft IIS 5.0 through 6.0
  • Heap-based buffer overflow in Microsoft FTP service 7.0 and 7.5
  • Stack-based buffer overflow in ProFTPD (Linux)
  • ProFTPD Backdoor
• Prevention
  • Update and patch vulnerable systems
  • Disable anonymous connections
  • Use strong passwords
  • Use SFTP, FTPS
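Two of the prevention points above, disabling anonymous connections and moving to FTPS, are visible in a server's configuration file and can be checked mechanically. The audit below is an added example, not something from the slides or from LGB&S; it assumes the server is vsftpd (the slides name no Linux daemon other than ProFTPD), uses vsftpd's real `anonymous_enable`, `ssl_enable`, `force_local_logins_ssl` and `force_local_data_ssl` keys, and the two configuration texts are constructed for the example.

```python
"""Audit a vsftpd-style key=value configuration for the prevention points
that show up in a config file: anonymous logins disabled and TLS (FTPS)
enforced. Both configuration texts are constructed examples; vsftpd is
assumed as the server because the slide names no specific daemon."""
import re

WEAK_CONFIG = """\
# constructed example of a weak vsftpd.conf
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
ssl_enable=NO
"""

HARDENED_CONFIG = """\
# constructed example after applying the prevention list
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
"""


def parse_kv(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z_]+)\s*=\s*(\S+)", line)
        if m:
            cfg[m.group(1)] = m.group(2).upper()
    return cfg


def audit_ftp_config(text):
    """Return a list of findings; an empty list means both checks pass."""
    cfg = parse_kv(text)
    findings = []
    # vsftpd's documented default for anonymous_enable is YES, so an
    # absent key is treated as anonymous access being enabled.
    if cfg.get("anonymous_enable", "YES") != "NO":
        findings.append("anonymous logins enabled (set anonymous_enable=NO)")
    if cfg.get("ssl_enable", "NO") != "YES":
        findings.append("TLS not enabled: credentials travel in cleartext (set ssl_enable=YES)")
    else:
        # With TLS on, these default to YES; an explicit NO allows plaintext fallback.
        for key in ("force_local_logins_ssl", "force_local_data_ssl"):
            if cfg.get(key, "YES") == "NO":
                findings.append(f"{key}=NO lets clients fall back to plaintext")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_ftp_config(text) or ["ok"])
```

Patch level and password strength are not visible in the configuration file, so those two items from the prevention list still need separate checks (package version against vendor advisories, and the authentication backend's password policy).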
44
LGB&S EFT
• GlobalScape Enhanced File Transfer Server
• Supports
  • SFTP
  • FTPS
  • HTTP/S (Portal)
  • HTTP/S Web Transfer Client
  • FTP – LGB&S does not utilize this protocol on this server.
• Secure
  • Complex passwords
  • User account security
  • Connection security
  • PCI compliant
  • Federal Information Processing Standards (FIPS) 140-2 Compliance
45
LGB&S EFT
• Scheduled patching
• Scheduled anti-virus scanning
• Configuration control