Published: Dec 04, 2007
Length: 17
Type: White Paper
Overview:
This document describes how Likewise and Microsoft Active Directory can foster compliance with the Payment Card Industry Data Security Standard, a set of requirements for businesses that process payment card information. Developed by Visa, American Express, Discover Financial Services, and other members of the PCI Security Standards Council, the standard sets forth policies, procedures, and practices to protect customer account data. The standard includes specific requirements for strictly controlling access to customer data, authenticating business users, monitoring access, maintaining a secure network, and auditing system resources.
Likewise integrates Linux, Unix, and Mac OS X workstations and servers into Active Directory, providing the basis to assign each user a unique ID for authentication, authorization, monitoring, and tracking. Likewise also provides group policies for non-Windows computers so that their security settings and other configurations can be centrally managed in the same way as Windows computers.
You have a mixed network of Unix, Linux, Mac OS X, and Windows computers, and you’ve got to bring your environment into compliance with the Payment Card Industry Data Security Standard, the set of security requirements for businesses that process credit card information. The standard requires that you authenticate individual users and strictly control access to customer data. If you don’t comply by a set date, or if you have a security breach, your company faces hefty fines from Visa, MasterCard, and American Express. They might even suspend your ability to accept payment cards.
Or maybe your environment is already in compliance or near compliance, but only because of a Herculean effort on the part of your system administrators to manage users on an individual basis and control their access to resources that contain sensitive cardholder data.
Why does compliance require so much work? For many businesses, it is because they use different Identity Management Systems for different operating systems: Windows users might authenticate through Active Directory, Linux and Unix users might authenticate through NIS, and Mac OS X users might authenticate through an ad hoc Kerberos key distribution center. Every time a user joins or leaves your company, you have to update each of these Identity Management Systems separately — a time-consuming process that can leave security holes. The complexity of these Identity Management Systems and their lack of central management increases the likelihood that something will go wrong. A user account with access to protected data, for example, might not get deprovisioned from one of the systems when the user leaves the company. The PCI compliance auditors won’t like that.
With the requirements of the PCI security standard, the stakes are high. In addition to some very bad press, security breaches can lead to fines that run up to $500,000 or more. But the stakes go beyond the potential of a public relations nightmare or substantial fines. Because you don’t have a single, centralized Identity Management System in place, adapting to the standard as it evolves and changes will continue to be a grueling – and expensive – challenge.
Likewise helps overcome the challenges of complying with the PCI data security standard by integrating Linux, Unix, and Mac OS X computers into Active Directory. Joining non-Windows computers to an Active Directory domain immediately yields the benefit of a centralized Identity Management System. Likewise lets you use Active Directory to securely authenticate Linux and Unix users, control their access to customer data, and apply group policies to manage password policies and root access.
This document describes how you can use Likewise with Active Directory to comply with a number of the requirements of the Payment Card Industry Data Security Standard.
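The deprovisioning gap described above (an account removed from one identity store but left behind in another, possibly still holding access to cardholder data) is something an auditor can check for directly. The following added example is not part of the original white paper or of Likewise itself; it reconciles constructed account snapshots from Active Directory, NIS, and local Mac OS X accounts, treating Active Directory as authoritative. The store names, user names, and group names are assumptions.

```python
# Reconcile per-system account snapshots against Active Directory: surface users
# who survive in one identity store after removal from AD, and users whose
# non-AD entries grant a sensitive group that AD does not.
# Added example; all snapshots below are constructed, not real data.
# Constructed snapshots: user -> set of groups in that identity store.
AD_USERS = {"alice": {"cardholder-db"}, "bob": {"staff"}, "carol": {"cardholder-db"}}
NIS_USERS = {"alice": {"cardholder-db"}, "bob": {"staff", "cardholder-db"},
             "dave": {"cardholder-db"}, "frank": {"staff"}}
MAC_USERS = {"alice": set(), "carol": {"cardholder-db"}, "erin": {"admin"}}
STORES = {"ad": AD_USERS, "nis": NIS_USERS, "mac": MAC_USERS}
SENSITIVE_GROUPS = {"cardholder-db", "admin"}  # groups that reach cardholder data


def find_orphans(stores, authoritative="ad"):
    """Users in a non-authoritative store but absent from AD: {user: {store: groups}}."""
    orphans = {}
    for store, users in stores.items():
        if store == authoritative:
            continue
        for user, groups in users.items():
            if user not in stores[authoritative]:
                orphans.setdefault(user, {})[store] = groups
    return orphans


def find_group_drift(stores, sensitive=SENSITIVE_GROUPS, authoritative="ad"):
    """Users known to AD whose entry elsewhere grants a sensitive group AD does not:
    {(user, store): extra sensitive groups}."""
    drift = {}
    for store, users in stores.items():
        if store == authoritative:
            continue
        for user, groups in users.items():
            if user in stores[authoritative]:
                extra = (groups - stores[authoritative][user]) & sensitive
                if extra:
                    drift[(user, store)] = extra
    return drift


def high_risk_orphans(orphans, sensitive=SENSITIVE_GROUPS):
    """Orphans that still hold a sensitive group in some store, sorted by name."""
    return sorted(u for u, by_store in orphans.items()
                  if any(groups & sensitive for groups in by_store.values()))


if __name__ == "__main__":
    orphans = find_orphans(STORES)
    for user in high_risk_orphans(orphans):
        print(f"ORPHAN with sensitive access: {user} -> {orphans[user]}")
    for (user, store), extra in find_group_drift(STORES).items():
        print(f"DRIFT: {user} in {store} has {sorted(extra)} not granted in AD")
```

In a real environment the snapshot dictionaries would be built from the directory and from each host's account database, and the report would be kept as evidence for the access-review requirement.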