
Privileged Identity Management

Enterprise Password Vault


Privileged Password Management – Agenda

• Privileged Users 101
– What are privileged users
• The Challenge
• Common Practices and the Risks Involved
• Drivers: Regulations and Internal Breaches
• Business and Technical Requirements
• Cyber-Ark Enterprise Password Vault
– Technology
– Architecture
– Benefits
– Demonstration
• Q&A
Identity Management – Individual Users Component – Directories

[Diagram: Windows Servers, Unix Servers, Database Applications and Partners, connected through LDAP/Identity Management]

The Password Vault can be integrated with any LDAP or Identity Management solution; Cyber-Ark has strategic partnerships with the companies below. Together, an organization will be able to manage both users and shared privileged accounts.

PIM – White Space for Major IAM Players
What Are Privileged Accounts?

Shared Administrative Accounts
– Predefined:
• UNIX root
• Cisco enable
• DBA accounts
• Windows domain
• Etc.
– Shared:
• Help Desk
• Fire-call
• Operations
• Emergency
• Legacy applications
• Developer accounts
– Owned by the system:
• Not owned by any person or “identity”

Application Accounts
– Hard-coded, embedded:
• Resource (DB) IDs
• Generic IDs
• Batch jobs
• Testing Scripts
• Application IDs
– Service Accounts:
• Windows Service Accounts
• Scheduled Tasks

Personal Computer Accounts
– Windows Local administrator:
• Desktops
• Laptops
Privileged Accounts Today

• Common practices:
– Storage: Excel spreadsheets, physical safes, sticky notes, locked drawers, memorizing, hard-coded in applications and services
– Resets: handled by designated IT members or call centers, mostly manual
– Known to: IT staff, network operations, help desk, desktop support, developers
• Common problems:
– Widely known, no accountability
– Unchanged passwords
– Lost passwords
– Same password across multiple systems
– Simplistic passwords – easy to remember
– Passwords not available when needed
Key Business Drivers

• Regulatory Compliance (Sarbanes-Oxley, PCI, BS7799, etc.)
– Auditing and Reporting
– Control
– Segregation of Duties
• Proactive Improvement of Information Security Practices
– Loss and Risk Prevention
– Return on Investment
– Administrative Password Management
• Internal Breach
• Return on Investment
– Efficiency and Productivity
Mission Statement

Cyber-Ark Software is an Information Security company that develops and markets digital vaults for securing and managing highly sensitive information within and across global enterprise networks.

[Diagram: Cyber-Ark Vault Server with Vault Safes on a local drive or SAN, reached over LAN, WAN or Internet]

Password Vault Architecture

[Diagram: Central Password Manager and Password Vault connected over the WAN to Unix Servers, Windows Servers, Networking Devices, a Directory Server, Desktops, a Main Frame and a Disaster Recovery Site]

1. Privileged Users are defined to the Central Password Manager, and a copy of their passwords is stored within the Vault.
2. The Central Password Manager periodically regenerates new passwords for all managed accounts on all relevant systems and/or Directory Servers, and then stores a copy of the new passwords within the Vault.
3. An Administrator needs to perform an administrative task on any system or device. After authenticating to the Vault and passing the relevant security checks, the specific password of the target account on the target system is retrieved.
4. The Administrator is now ready to log in to the target application or server.
Application Passwords

• Scripts
– Shell, Perl, Bat, Sqlplus…
• Applications
– Custom developed C/C++, COM, Java, .NET code
– Application Servers (WebSphere, WebLogic…)
• Products
– IT Management
– ETL tools (Informatica, etc…)
Hard-Coded Password Embedded in Code

source1.vbs (password hard-coded in the script):

    ...
    UserName = "app"
    Password = "asdf"
    Host = "10.10.3.56"
    ConnectDatabase(Host, UserName, Password)
    ...
    ' Work with database
    ...

source1-new.vbs (password retrieved from the Vault at run time):

    ...
    UserName = "app"
    Password = PVToolKit("Vault.ini", "User.ini", "Safe", "Root\Password")
    Host = "10.10.3.56"
    ConnectDatabase(Host, UserName, Password)
    ...
    ' Work with database
    ...
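The difference between the two scripts above is exactly what an audit of application code should look for: a credential-named variable assigned a bare string literal (source1.vbs) versus one assigned the result of a vault lookup (source1-new.vbs). The scanner below is an added example, not Cyber-Ark code; the two sample scripts are constructed to mirror the slide, and the report masks the literal so the finding itself does not leak the secret.

```python
import re
from dataclasses import dataclass

# Constructed samples mirroring the slide's source1.vbs (hard-coded) and
# source1-new.vbs (retrieved from the vault at run time). Not the original files.
SOURCE1_VBS = r'''
UserName = "app"
Password = "asdf"
Host = "10.10.3.56"
ConnectDatabase(Host, UserName, Password)
'''

SOURCE1_NEW_VBS = r'''
UserName = "app"
Password = PVToolKit("Vault.ini", "User.ini", "Safe", "Root\Password")
Host = "10.10.3.56"
ConnectDatabase(Host, UserName, Password)
'''

# An assignment whose variable name suggests a credential ...
CREDENTIAL_ASSIGN = re.compile(
    r'^\s*(?P<var>\w*(?:password|passwd|pwd|secret|apikey)\w*)\s*=\s*(?P<rhs>.+?)\s*$',
    re.IGNORECASE)
# ... whose right-hand side is nothing but a string literal.
STRING_LITERAL = re.compile(r'^"[^"]*"$')


@dataclass
class Finding:
    file: str
    line: int
    variable: str
    masked: str  # first character plus '*', so the report leaks no secret


def find_hardcoded_credentials(filename: str, text: str) -> list[Finding]:
    """Flag credential-named variables assigned a bare string literal.

    A value that is an expression (e.g. a vault lookup such as PVToolKit(...))
    is not flagged, because the secret is then not present in the source.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("'"):  # VBScript comment line
            continue
        m = CREDENTIAL_ASSIGN.match(line)
        if not m or not STRING_LITERAL.match(m["rhs"]):
            continue
        secret = m["rhs"].strip('"')
        masked = secret[:1] + "*" * (len(secret) - 1) if secret else '""'
        findings.append(Finding(filename, lineno, m["var"], masked))
    return findings


if __name__ == "__main__":
    for name, src in [("source1.vbs", SOURCE1_VBS), ("source1-new.vbs", SOURCE1_NEW_VBS)]:
        for f in find_hardcoded_credentials(name, src):
            print(f"{f.file}:{f.line}: {f.variable} assigned literal {f.masked}")
```

Run against real script trees, the same check belongs in a pre-commit hook or build step so a password that was moved into the Vault cannot quietly come back as a literal.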
Requirements for a Privileged Accounts Management Solution

• Exceptionally secure solution for the keys of the kingdom
• Supreme performance, availability and disaster recovery, due to its mission-critical nature
• Flexible distributed architecture to fit the enterprise's complex network topology
• Single standard solution for a multi-facet problem
• Intuitive and robust interfaces

Thank You

David Adamczyk
Channel Sales Manager
Cyber-Ark Software
david.adamczyk@cyber-ark.com
