Sway4-1 NabiTel
Component: Security Manager
User Administration: user registration management
Global Sign-On: user log-on management
Security Manager: security policy creation and enforcement management
Policy Director: web server access management
Privacy Manager: personal information access management
Risk Manager: intrusion risk management
PKI: public-key-based authentication management
Sway4-2 NabiTel
Component: Security Manager - Features
Comprehensive, integrated access management solution
Multiple platforms with a single security model
Role-based centralized security
Comprehensive Solution
Actively prevent unauthorized access
Security engine for UNIX servers: TACF
Solves the UNIX root-user problem
Architecture consistent with RACF in OS/390
Sway4-3 NabiTel
Component: Security Manager - Features (continued)
Flexible auditing capabilities
Focus on particular groups or resources
Focus on security priorities, enterprise-security policy
Cross-Platform Security Management
Resolves disparate security models
Transparent to mainframe and distributed security model
Consistent enforcement of security policy
Across geographic and platform boundaries
Sway4-4 NabiTel
Component: Security Manager - Features (continued)
Improved productivity
Consistent user interface
Endpoints subscription to Security Profile Configuration
Automated security tasks
Secure delegation of maintenance tasks to junior level
Tivoli Management
TEC and Distributed Monitoring for security alarm
Integrated with User Administration
Sway4-5 NabiTel
Component: Security Manager - Features (continued)
Open Security Management
Extensions in Security Manager and User Administration
Guided by the Security Management Working Group
Axent, Check Point Software, CyberSafe, Cygnus, IBM, Internet Security Systems (ISS), MEMCO, Mergent, Security Dynamics, Trusted Information Systems
Allow you to manage other security tasks
Provides solutions to improve productivity and integration
Sway4-6 NabiTel
Corporate Security Policies
Login Restrictions
Password Rules
Files, Resources
Access Times
Systems, Apps
Groups, Roles
Tivoli Security Manager
Groups
Finance/Accounting
IS
Purchasing Sales
Roles
Line Mgrs
Payables
Contractor
Operator/Admin
Resources
Systems
Applications
Information Databases
Networks
Component: Security Manager - Architecture
Sway4-7 NabiTel
Central Security Admin.
Applications, Other Lockdown Modules
UNIX
PDOS
NT
RACF
OS/390
OS/2
Netware
OS/400
Endpoint Subscribers
Security Policy
• Access • Audit • System
Policy Director
Component: Security Manager - Consistent Enforcement
Sway4-8 NabiTel
Improved performance of the access control decision engine
PDOS engine: multi-threaded design (PD for Operating System)
SeOS: single-threaded design (Security Operating System, Memco)
Access control decision time is reduced by more than half compared with SeOS
All data used for an access control decision is reused
Benefits of the PD architecture
ACL inheritance is possible on a hierarchical file system
Branch concept: automatic configuration
Additional new feature: auditing
Component: Security Manager - PDOS vs SeOS
Sway4-9 NabiTel
ACL Performance - AIX (Test Runs Per Hour, by number of processors)
Processors    1    4
PDOS         64  157
SeOS          5    8
Component: Security Manager - PDOS vs SeOS
Sway4-10 NabiTel
Tivoli SecureWay Security Manager
Tivoli Gateway
UNIX Servers: UX1, UX2, UX..n
Tivoli SecureWay Policy Director
Cache, Cache, Cache
Management
PDOS, PDOS, PDOS
Component: Security Manager - PDOS Position
Sway4-11 NabiTel
Component: Security Manager - PDOS Flow
Sway4-12 NabiTel
Component: Security Manager - Audit & Report
Audit and log contents
Security administrator actions
Login attempts
Resource access
Audit report generation
By user
By resource or resource type
By date/time range
By system
Policy reports
User to role
User to resource relationships….
Sway4-13 NabiTel
Component: Security Manager - Benefits
Single Point with All
Centralized management
Management of all targets
Single interface
PDOS: UNIX management engine
Core of TACF
SeOS migration support
Outstanding extensibility and integration
Increased productivity
Improved management efficiency
Sun
HP
AIX
NetWare
NT
Administrator
Notes/Domino
OS/390
AS/400
Unix
OS/2
Security Manager
Uniform GUI
Sway4-14 NabiTel
Component: Security Manager - Platform
Tivoli Agent
AIX
HP-UX
Sun Solaris
Windows NT
OS/390 Security Server (RACF)
AS/400
OS/2
NetWare NDS
Tivoli Server
AIX
HP-UX
Sun Solaris
Windows