Escolar Documentos
Profissional Documentos
Cultura Documentos
Privileged Password
Management
Agenda
Privileged Users 101
What are privileged Users
The Challenge
Common Practices and the Risks Involved
Drivers: Regulations and Internal Breaches
Business and Technical Requirements
Cyber-Ark Enterprise Password Vault
Technology
Architecture
Benefits
Demonstration
Q&A
Identity Management
Individual Users Component
- Directories
LDAP/Identity
Management
Partners
The Password Vault and can be integrated with any LDAP
or Identity management solution, Cyber-Ark has strategic
partnerships with the companies below.
Together an organization will be able to manage both
users and shared privileged accounts
Administrative
Administrative
Accounts
Accounts
Shared Predefined:
UNIX root
Cisco enable
DBA accounts
Windows
domain
Etc.
Application
Application
Accounts
Accounts
Hard-coded, embedded:
Resource (DB) IDs
Generic IDs
Batch jobs
Testing Scripts
Application IDs
Personal
Personal
Computer
Computer
Accounts
Accounts
Shared:
Help Desk
Fire-call
Operations
Emergency
Legacy
applications
Developer
accounts
Service Accounts:
Windows Service Accounts
Scheduled Tasks
Privileged Accounts
Today
Common practices:
Storage: Excel spreadsheets, physical safes, sticky notes, locked
drawers, memorizing, hard coded in applications and services
Resets: Handled by a designated IT members, call centers,
mostly manual
Known to: IT staff, network operations, help desk, desktop
support, developers
Common problems:
Internal Breach
Return On Investment
Efficiency and Productivity
Mission Statement
Vault Safes
(V
is
ua
l
ng
iti
Au
d
Fi
le
En
cr
yp
ti o
Se
eo
cu
gr Ma
rit
ap n
y)
u
hi a
ca l &
lS
Ac
ec
ce
ur
ity
ss
C
on
tro
Au
l
th
en
ti c
at
io
n
Fi
re
wa
ll
S
En es
cr sio
yp n
tio
n
Cyber-Ark
Vault Server
LAN, WAN,
INTERNET
Password Vault
Architecture
Central Password Manager
1
Unix Servers
2
Password
Vault
Windows
Servers
3
Networking Devices
Directory Server
4
The Administrator is
now ready to login to
its target application
or server
WAN
Desktops
Disaster
Recovery Site
Main Frame
Application
Passwords
Scripts
Shell, Perl, Bat, Sqlplus
Applications
Custom developed C/C++, COM, Java, .NET code
Application Servers (WebSphere, WebLogic)
Products
IT Management
ETL tools (Informatica, etc)
Hard-Coded
Password
Embedded in Code
.
.
UserName = app
Password = asdf
Host = 10.10.3.56
ConnectDatabase(Host, UserName, Password)
.
Work with database
.
source1.vbs
.
.
UserName = app
Password = PVToolKit(Vault.ini,User.ini,Safe,Root\Password)
Host = 10.10.3.56
ConnectDatabase(Host, UserName, Password)
.
Work with database
.
source1-new.vbs
Requirements for
Privileged Accounts
Management
Solution
Thank You
David Adamczyk
Channel Sales Manager
Cyber-Ark Software
david.adamczyk@cyber-ark.com