Safety First: ACT User Meeting June 2011 New Challenges in Securing Your Environment

Upload: jarod-loach

Post on 30-Mar-2015


Page 1: ACT User Meeting June 2011. Your entitlements window Entitlements, roles and v1 security overview Problems with v1 security Tasks, jobs and v2 security

Safety First:

ACT User Meeting June 2011

New Challenges in Securing Your Environment


V2 User Security


What we will cover.

• Your entitlements window

• Entitlements, roles and v1 security overview

• Problems with v1 security

• Tasks, jobs and v2 security overview

• V2 user administration


Next 2 slides

Finding your Entitlements window


Click to view your entitlements


From Account Master (and any screen)...


Next slide

The Entitlements window shows what entitlements you have for the current screen.


Entitlements Window


Next slide

The Entitlements window also shows what tasks and jobs hold these entitlements.


After double-clicking an entitlement

There is a log that records any change to a user security profile.


What is an Entitlement?

• It is a grant to you that entitles you to do “something”.

  • access a screen.
  • access a button.
  • run a batch menu item.

• In V1 security, entitlements were granted to users one by one on the User Administration screen. But, there are many entitlements...


What is a Role (V1)?

• It is a grant to you that allows access to data. (data privileges)

• In v1 security, roles were named after job functions.

  • Accounting
  • Attorney


V1 Security

• For you to do your job, you were granted each entitlement, one or more roles, and all BMIs

[Diagram: User granted 1 or more roles, 40 or more entitlements, and all batch menu items (BMIs)]


Problems with V1 Security

• Entitlements may allow you to do something that the roles would not.

  Screen fails!

• It was up to the user administrator to grant the proper entitlements.

  Difficult!

• The roles would become outdated.

  Undependable!


Problems with V1 Security

• Roles were very difficult to categorize.

  “This data is ACCOUNTING and this data is ATTORNEY”

• Roles had to be created by ACT.

  Too general or too specific for different clients


V2 Security

• For you to do your job, you are granted one or more v2 jobs.

[Diagram: User granted 1 or 2 jobs]


V2 security

[Diagram: user → job → task → entitlements, data privileges, BMIs]


Task

• ACT builds the tasks and verifies them.

• A task provides a complete set of entitlements, BMIs and the privileges needed to perform that function.


Next 3 slides

A task's entitlements, BMIs and data privileges, viewed from the Security Maintenance screen.


A Task’s Entitlements


A Task’s BMIs


A Task's Data Privileges


Jobs

• ACT assembles tasks into jobs.

• A job is a complete inventory of tasks for a specific job title (as it relates to ACT).
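
The V2 chain described in these slides (a user is granted jobs, a job is an inventory of tasks, a task bundles entitlements, BMIs and data privileges) set against the V1 failure where an entitlement is granted without the data privilege its screen needs. This is an added sketch, not ACT's code; every job, task, entitlement, BMI and privilege name, and the `REQUIRES` mapping, is constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Task:
    name: str
    entitlements: frozenset      # screens and buttons
    bmis: frozenset              # batch menu items
    data_privileges: frozenset

@dataclass(frozen=True)
class Job:
    name: str
    tasks: tuple

# Constructed sample data: data privileges each entitlement needs to work.
REQUIRES = {
    "ACCOUNT_MASTER_SCREEN": {"ACCOUNT_READ"},
    "PAYMENT_SCREEN": {"ACCOUNT_READ", "PAYMENT_WRITE"},
    "POST_BUTTON": {"PAYMENT_WRITE"},
}
VIEW_ACCOUNT = Task("VIEW_ACCOUNT", frozenset({"ACCOUNT_MASTER_SCREEN"}),
                    frozenset(), frozenset({"ACCOUNT_READ"}))
ENTER_PAYMENT = Task("ENTER_PAYMENT", frozenset({"PAYMENT_SCREEN", "POST_BUTTON"}),
                     frozenset({"NIGHTLY_POSTING"}),
                     frozenset({"ACCOUNT_READ", "PAYMENT_WRITE"}))
CASHIER = Job("CASHIER", (VIEW_ACCOUNT, ENTER_PAYMENT))

def gaps(entitlements, privileges):
    """Entitlements whose required data privileges are missing (the V1 'screen fails' case)."""
    missing = {e: REQUIRES.get(e, set()) - set(privileges) for e in entitlements}
    return {e: m for e, m in missing.items() if m}

def effective(jobs):
    """V2: a user's access is the union of every task in every granted job."""
    tasks = [t for j in jobs for t in j.tasks]
    return {
        "entitlements": frozenset().union(*(t.entitlements for t in tasks)),
        "bmis": frozenset().union(*(t.bmis for t in tasks)),
        "data_privileges": frozenset().union(*(t.data_privileges for t in tasks)),
    }

def holders(jobs, entitlement):
    """(job, task) pairs that hold an entitlement, as the Entitlements window lists them."""
    return [(j.name, t.name) for j in jobs for t in j.tasks
            if entitlement in t.entitlements]

if __name__ == "__main__":
    # V1-style grant: entitlements picked one by one, role covers only reads.
    print(gaps({"ACCOUNT_MASTER_SCREEN", "PAYMENT_SCREEN"}, {"ACCOUNT_READ"}))
    eff = effective([CASHIER])
    print(gaps(eff["entitlements"], eff["data_privileges"]))  # no gaps
    print(holders([CASHIER], "POST_BUTTON"))
```

Running `gaps` over each task before it is published is one way to perform the "builds the tasks and verifies them" step: a task that passes cannot produce the V1 mismatch, whichever jobs it is assembled into.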


Next slide

A job’s tasks, shown from the Security Maintenance screen.


Jobs


Next slide

Creating a custom job using the Security Maintenance screen.


Client Specific Jobs


Next Slide

Granting a job using the Security Administration screen.


Granting a job to a user


Next slide (shows entitlements only)

Fine tuning from the Security Administration screen allows entitlement and BMI changes for the given user.


Fine Tuning - Entitlements


Next 2 slides

Fine tuning allows task and data privilege changes from the Security Administration screen.


Fine Tuning - Tasks


Fine Tuning - Privileges


Next Slide

All actions are recorded and are viewable from the Security Administration screen.


Grant History


Information Security

LGB&S, LLP

ACT User Meeting June 2011


Agenda

• Zeus toolkit video

• Security and the End User

• Malicious Code – Internet

• File Transfer Protocol (FTP) Security


Zeus toolkit


Zeus Lifecycle and Statistics

• First identified in 2007, used against US Department of Transportation

• Active in 2009, compromising FTP accounts and personal data

• Active in 2010-2011, compromising bank and credit card data

• Proliferation

• Controlled machines are in 196 countries

• Targets Windows machines

• Availability

• Removal and Detection


Security and the End User

• Best Practices
  • Be aware of your environment
  • Keep your antivirus software up to date
  • In a corporate environment, use anti-spam technologies
  • Ensure your computer has the most recent patches

• LGB&S solutions
  • Awareness Training
  • Forefront
  • IronMail
  • SCCM


Malicious Code - Internet

• Recent Trends
  • Browsers without current patches
  • Trusted sites infected with malicious code
  • Silent redirects

• What can you do?
  • Keep your browser and its plugins patched
  • Keep your operating system patched
  • Investigate and purchase a Web Security Gateway or an IDS which monitors ports 80 and 443


FTP Security

• Recent Issues
  • Buffer overflow in FTP Service in Microsoft IIS 5.0 through 6.0
  • Heap-based buffer overflow in Microsoft FTP service 7.0 and 7.5
  • Stack-based buffer overflow in ProFTPD (Linux)
  • ProFTPD Backdoor

• Prevention
  • Update and patch vulnerable systems
  • Disable anonymous connections
  • Use strong passwords
  • Use SFTP, FTPS


LGB&S EFT

• GlobalScape Enhanced File Transfer Server

• Supports
  • SFTP
  • FTPS
  • HTTP/S (Portal)
  • HTTP/S Web Transfer Client
  • FTP – LGB&S does not utilize this protocol on this server.

• Secure
  • Complex passwords
  • User account security
  • Connection security
  • PCI compliant
  • Federal Information Processing Standards (FIPS) 142-2 Compliance


LGB&S EFT

• Scheduled patching

• Scheduled anti-virus scanning

• Configuration control