Managing Local Administrator Passwords Enterprise Password Vault - PowerPoint PPT Presentation

Loading...

PPT – Managing Local Administrator Passwords Enterprise Password Vault PowerPoint presentation | free to view - id: 15859-M2QyY



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Managing Local Administrator Passwords Enterprise Password Vault

Description:

... thousands of desktops, laptops and servers. Highly privileged ... Assurance that administrative passwords on laptops and desktops are never lost or forgotten ... – PowerPoint PPT presentation

Number of Views:506
Avg rating:3.0/5.0
Slides: 15
Provided by: karen74
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Managing Local Administrator Passwords Enterprise Password Vault


1
Managing Local Administrator PasswordsEnterprise
Password Vault
  • May 2007

2
Windows Local AdministratorsThe Challenge
  • Exist on every Windows machine
  • In an average enterprise there are thousands of
    desktops, laptops and servers
  • Highly privileged
  • Can be used to do anything on these machines
  • Passwords are not changed enough
  • It is extremely difficult to enforce password
    policies
  • Becomes widely known
  • In most cases the same Administrator password is
    used across the entire organization
  • No accountability
  • Who is the user behind the Administrator session
  • Limited remote administration tools
  • No automatic updates for moves, adds and changes
    which are very frequent in an enterprise
    environment

The risk Mismanagement of local administrators
can lead to disastrous results for the
enterprise! Every file on every PC can be
compromised CEO files, marketing plans, budgets,
HR records, etc.
3
Windows Local AdministratorsThe Way it Works
4
How to Easily Access any Windows Machine in the
Network - I
Step 1 Many cracking tools for Windows local
users are available on the web. Any insider can
use them to crack the local Administrator
password on her own laptop/desktop
5
How to Easily Access any Windows Machine in the
Network - II
Step 2 Since it is the same password being
used across the organization for all local
administrators, the user can now remotely access
any desktop with administrator permissions!
CEO desktop
6
Cyber-Ark Password Survey Results
Personal
Network Devices
Servers
Apps
Local Admins
40 of enterprises rarely change Local
Administrator passwords!
Source Cyber-Ark Password Survey, Aug 2006
7
Windows Local AdministratorsEPV Solution Overview
  • Cyber-Ark Enterprise Password Vault V4.1
    introduces
  • Compliance and Security
  • Automatic password change based on flexible
    password policies
  • Compliance with regulations
  • Enabling strong and unique password values
  • Full audit trail for all administrative ID
    activities
  • Guaranteed individual accountability
  • Ease of Deployment
  • Out of the box solution for managing Windows
    local administrators
  • Highly secured solution for the keys to the
    enterprise
  • Especially adjusted to IT Support Centers and
    helpdesks
  • Automatic discovery of Windows machines in the
    domain
  • 24x7, enterprise-wide accessibility to
    administrators credentials upon demand
  • Enterprise readiness with seamless integration to
    the IT environment
  • Quick deployment and implementation
  • Proven in over 200 enterprise customers

8
Windows Local AdministratorsEPV Benefits
  • With EPV for Local Administrator accounts
  • IT personnel, Support Center and HelpDesk
    managers can have
  • Full accountability on their staff operations
    when using administrative accounts
  • Assurance that administrative passwords on
    laptops and desktops are never lost or forgotten
  • Immediate ROI by improving IT productivity
  • Information Security managers can
  • Enforce password policy on the sensitive
    administrative accounts in the enterprise without
    compromising IT staff productivity
  • Increase overall security of data on laptops and
    desktops by centrally controlling and tracking
    access to privileged accounts

9
Windows Local AdministratorsWindows Vista
Benefits
  • Windows Vista uses an improved security model
    (UAC User Account Control)
  • Basic tasks such as installing a printer or fonts
    no longer require full administrator privileges
  • By default, programs work in a non-privileged
    mode and are required to provide the
    administrator credentials to get elevated
    privileges
  • Local administrator accounts still exist in Vista
  • EPV enhances the Windows Vista security mechanism
    by
  • Strongly protecting the shared administrative
    accounts on Windows Vista
  • Allowing full control and audit over
    administrative account usage
  • Providing full and automatic management
  • Automatic detection and reflection in the Vault
    of new machines in the domain
  • Automatic passwords replacement based on
    enterprise policies
  • Strong and unique password values across the
    enterprise

10
Windows Local AdministratorsSimple Architecture
Desktops andLaptops
Vault
Administrators, Support Centers, Helpdesks
Windows Servers
DR Vault
Desktops andLaptops
CPM
Enterprise Backup
Enterprise Directory
RDP, Telnet, ODBC, etc. protocols
Enterprise Authentication
Windows Servers
11
Windows Local AdministratorsDistributed
Architecture
All-in-one Solutions
PasswordAppliance/DR
PasswordAppliance/DR
PasswordAppliance/DR
Cyber-Ark EnterprisePassword Vault
CPM
CPM
CPM
Vault/DR
Cyber-Ark FW Friendly Secured Protocol
Cyber-Ark FW Friendly Secured Protocol
12
Windows Local AdministratorsConcept of Operation
psw4deskadm
psw4deskadm
psw4deskadm
psw4deskadm
psw4lapadm
psw4lapadm
jist48Vop
cqg8_at_fz
cqg8_at_fz
lm7yT5w
lm7yT5w
jist48Vop
Gopdt65
0in7x
fuiE49fj
fuiE49fj
0in7x
Gopdt65
psw4lapadm
fuiE49fj
Desktops Laptops
fuiE49fj
Vault
  • Until today local administrator passwords are
    the same across enterprise desktops/laptops and
    usually IT staff and help desk personnel memorize
    them
  • Using the EPV solution different passwords are
    automatically generated for each PC and IT staff
    are no longer familiar with them
  • Whenever a password is required by an authorized
    user, it is checked-out from the Vault
  • It is then used on the desktop or laptop and
    automatically changed upon check-in

IT personnel
13
Windows Local AdministratorsAutomatic Machines
Detection
default
cqg8_at_fz
cqg8_at_fz
default
fuiE49fj
fuiE49fj
  • A new employee joins the enterprise The CPM
    automatically starts managing the privileged
    local administrator account
  • An employee leaves the enterprise -The CPM
    automatically archives the relevant machine
    (password) in the Vault

Vault
14
Thank You
About PowerShow.com