Access Control for Windows:
Windows vulnerability risks by limiting the rights granted to administrator accounts and groups to the minimum permissions needed for each to perform their job function.
security policy deployment and control
Dynamic Control
Group Policy is based on the definition of an access permission hierarchy. Permission changes are propagated to subsequent files and folders based on an inheritance mechanism. This static permission system updates all file permissions at the time the command is issued, meaning propagation of changes can take a long time, especially in a large server environment.
eTrust Access Control for Windows employs a dynamic permission system that determines access permissions at request execution time. This provides real-time protection while simplifying policy deployment and allowing more flexible rules to be implemented.
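A simplified model of the two approaches described above, as an added example (not CA's code and not the product's actual implementation). The class names, the constructed sample tree and the nearest-ancestor rule lookup are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

# Constructed sample tree (not from the original page): 11 objects under
# D:\payroll (the folder, 2 year folders, 8 files) plus one unrelated file.
PAYROLL = PureWindowsPath(r"D:\payroll")
YEARS = [PAYROLL / y for y in ("2023", "2024")]
FILES = [y / f"q{n}.xlsx" for y in YEARS for n in range(1, 5)]
TREE = [PAYROLL, *YEARS, *FILES, PureWindowsPath(r"D:\public\readme.txt")]

class StaticAcls:
    """Inheritance model: every object stores its own copy of the decision."""
    def __init__(self, paths):
        self.acl = {PureWindowsPath(p): "allow" for p in paths}

    def set_permission(self, folder, decision):
        folder = PureWindowsPath(folder)
        touched = 0
        for path in self.acl:  # propagation happens when the command is issued
            if path == folder or folder in path.parents:
                self.acl[path] = decision
                touched += 1
        return touched  # number of stored permissions rewritten

    def check(self, path):
        return self.acl[PureWindowsPath(path)]

class DynamicRules:
    """Request-time model: one rule is stored and resolved on each access."""
    def __init__(self, default="allow"):
        self.rules, self.default = {}, default

    def set_permission(self, folder, decision):
        self.rules[PureWindowsPath(folder)] = decision
        return 1  # a single rule written, regardless of tree size

    def check(self, path):
        path = PureWindowsPath(path)
        for candidate in (path, *path.parents):  # nearest rule wins
            if candidate in self.rules:
                return self.rules[candidate]
        return self.default

def compare(folder, decision):
    """Apply the same change in both models; return (writes, same_answers)."""
    static, dynamic = StaticAcls(TREE), DynamicRules()
    writes = (static.set_permission(folder, decision),
              dynamic.set_permission(folder, decision))
    agree = all(static.check(p) == dynamic.check(p) for p in TREE)
    return writes, agree
```

Both models return the same decisions for the existing tree; the difference is that the static model's write count grows with the number of objects under the folder, while the dynamic model moves that work to each access check.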
Out-of-the-Box Policies
An initial policy deployment challenge is that the creation of security rules usually requires deep knowledge of how critical applications behave and what resources are involved. eTrust Access Control for Windows provides out-of-the-box security policy samples, allowing quick deployment of baseline security policies which are then flexible for customization.

Many organizations deploy a heterogeneous server infrastructure including both Windows and UNIX systems. eTrust Access Control for Windows enables consistent, integrated management and enforcement of access security policies across both of these environments. The Policy Manager provides a single interface through which policies can be administered and the PMDB distributes these rules to Windows and UNIX subscribers at the same time.

Consolidated management of UNIX and Windows decreases the amount of administrative work required and improves the system administrator efficiency, saving

The Policy Manager can manage native Windows resources including shares, files, disks, COM ports, registry keys and values, domains, users, groups, printers, processes, services, devices, user sessions, Windows password policy and Windows audit policy settings. The Policy Manager allows administrators to connect and manage both Windows and UNIX policy model resources and to utilize eTrust Access Control for Windows database utilities.

... groups in the organization, the system resources that need protection and the rules governing user and group access to system resources. The highly optimized Database interacts with the Engine to provide real-time authorization information. Database information and services are continuously protected by eTrust windows access control

- Engine. The Engine receives access requests to determine whether or not they are permissible. Upon receiving a request, the Engine consults the Database, accesses the relevant access policies

It is responsible for managing the list of subscriber databases and propagating all updates from the PMDB to its subscribers.
CA Product Integration
eTrust Access Control for Windows can be installed independently and provide full server access protection without dependencies on other CA or third-party products. However, given that operating system access protection may be a single component of a defense-in-depth strategy, eTrust Access Control for Windows provides integration with CA security products including CA Identity Manager. As a provisioning target for CA Identity Manager, the eTrust Access Control for Windows user base can be managed from and automatically kept in sync with CA Identity Manager.
Furthermore, eTrust Audit can write the eTrust Access Control audit file into its eTrust Audit events, which were retrieved from Windows log files.

Effective security software needs to be implemented as an integral part of a computer's operating environment.
Conclusion
During the course of regular operations, administrators of all roles operate in close proximity to sensitive data, processes or applications running on a Windows infrastructure. In the standard structure of a Windows and Active Directory deployment, these IT and security administrative functions are tightly coupled with one another. While this may not necessarily affect IT system administration, it can severely impact the integrity of security policy enforcement. Effective separation of these duties requires an independent, fine-grained access enforcement and auditing solution.
eTrust Access Control for Windows provides the necessary system-level access control for Windows, cross-platform policy management, operating system hardening and secure auditing capabilities for organizations to effectively protect their mission-critical server infrastructure and maintain regulatory compliance.