Enterprise-class Solution for Unix/Linux Access Control & Accountability

Securely delegate root and other special account privileges

Integrates with PowerSeries Management Console (PSMC) for enhanced
RBAC, automated event and I/O log reviews, approval workflows,
and audit trails

Provides granular user task logging down to the keystroke

Provides highly configurable policy scripting to define who
may run which Unix/Linux task to/from which host, when, and
under what conditions

BeyondTrust PowerBroker® is a comprehensive IT security and
accountability solution designed to implement a consistent protocol
of access control across most Unix/Linux platforms. PowerBroker
allows system administrators to delegate administrative privileges
and authorization without disclosing the root password. Administrators
also gain the ability to grant selective access to other Unix/Linux
applications and corporate resources.

Administrative tasks such as managing system programs, mounting
devices, performing backups, or adding/updating users, can be
delegated to individuals or groups at a granular level, thus
reducing the risk of accidental damage and threat of malicious
activities. PowerBroker also manages user access to files, directories,
and third-party applications/accounts (e.g., HR, financial or
database programs – including generic accounts).

PowerBroker effectively protects the most powerful user account,
superuser or root, from hackers who could
remove critical system files, gain access to confidential data,
and delete audit trails.

The Master Host validates requested tasks against security
policy files to either approve or reject user requests.
Accepted requests are executed on the Run Host as a privileged
user. All activity is securely logged and recorded by the
Log Servers.

Secure Access to UNIX/Linux Administrative Privileges

Granularly delegate Unix/Linux root privileges for specific
tasks

Secure application generic account privileges (e.g., Oracle®,
MySQL®, SAP)

Restrict command line interface (CLI) access to programs
and applications

Control access to files and directories

Centralized, Unassailable Administration

Implement host-by-host restrictions, while maintaining a
centralized policy

Integrate with Pluggable Authentication Modules (PAM) for
session control and password verification, allowing for
easy interface with local, LDAP and NIS/NIS+ accounts

Integrate with SafeNet Luna SA HSM for enterprises requiring
FIPS 140-2 validation*

Integrate with BeyondTrust PowerSeries™ Management Console
(PSMC)**

Support for 25 encryption algorithms for policy/configuration
files, log servers and network traffic

Optionally configures Idle Session Timeouts

Support of PKI using OpenSSL

Client/server architecture designed to support fault tolerant
operations

Extensive Unix/Linux Security Policy Development & Enforcement

Comprehensive access control policies using a "C-like" scripting
language

User-friendly web console for non-programmers to speed policy
development

Highly configurable security policy options that can enable
access by user, Unix/Linux group, netgroup, and/or host

Highly configurable security policy options that can restrict
access by day, date and time, and restrict access to and
from specified hosts, including remote hosts

Optional restricting or replacement of specific Unix/Linux
commands, including su and r-commands

Active Directory and LDAP querying capability for authentication
and access authorization

Comprehensive Logging & Reporting of Unix/Linux Activity

Event logs capture detailed information about each task
request

Comprehensive "keystroke logs" to capture complete I/O sessions

Web-based log viewers for auditors

Exports reports in CSV and XML format

Entitlement Reporting for auditors/administrators to investigate
which users are authorized to perform what tasks, from what
machine, and between what periods of time – addressing one
of today’s more pressing issues for enterprise compliance
and control

Non-Intrusive Application – Rapid Deployment

NO modification is required for enterprise Unix/Linux kernels
and operating systems

NO system reboot is required after a PowerBroker installation/update

Optional failover servers are available for fault tolerant
or load balanced operations

Highly configurable to handle system operations on either
side of a firewall

*SafeNet Luna SA HSM Integration
PowerBroker integrates with SafeNet Luna SA HSM (Hardware Security
Module) to provide powerful hardware-key management for U.S. and
Canadian government agencies requiring FIPS 140-2,
Level 2 and Level 3 validation.

** BeyondTrust PowerSeries™ Management Console Integration
The BeyondTrust PowerSeries™ Management Console provides centralized
management capabilities, and streamlined policy change management
workflows and incident alert workflows for multiple PowerBroker
installations through a convenient web interface. BeyondTrust PowerBroker®
natively integrates with the PowerSeries™ Management Console to
deliver the following:

Automated workflows for policy creation and change management
to comply with segregation of duties and security best-practices

Automated workflows for event and I/O log reviews and acknowledgements,
and centralized audit trails, for streamlined audit support
and heightened security awareness

Centralized management of multiple PowerBroker® Master Servers
through a single web based management console with automated
policy propagation, to simplify administration and lower
costs in complex IT environments

Automated log centralization for multi-server deployments,
to streamline audit and compliance support and to reduce
costs through consolidation of logging resources

A graphical policy editor for PowerBroker® users that have
limited UNIX expertise (e.g. helpdesk professionals), to
reduce administrative costs and accommodate flexible workflows

Supported Unix/Linux Platforms

Screenshots: Entitlement Report, Policy File Editor, Keystroke Log Viewer, Event Log Reporter