This article can also be found in the Premium Editorial Download "Information Security magazine: Tips from the 2007 Security 7 Awards."
Symark PowerBroker 5.0
REVIEWED BY SANDRA KAY MILLER
Price: Starts at $1,000 per server
Symark PowerBroker solves
The client/server-based software resides at the shell level, making no changes to the kernel. PowerBroker supports 30 different types of encryption--AES 256 is the default--to secure network traffic, logs and configuration files.
PowerBroker works with HP-UX, Linux, Solaris, SCO and AIX and integrates well with existing infrastructure such as routers and firewalls.
PowerBroker can be configured and managed from the command line or through its well-designed Web GUI, which can easily be used by someone with minimal knowledge of Unix. We used the GUI to quickly set up privileges, create and assign policies, create alerts, manage encryption, and generate and view audits, logs and reports.
Because root-level privileges are assigned based on role, the actual root password is never revealed. Policies can also be assigned based on user authentication through centralized repositories such as LDAP and SSO systems.
The new access control lists allow those unfamiliar with programming or shell scripts to write policies that control privileges through global categories such as user, system, command, time of day and day of week.
The Entitlement Report will satisfy auditors, presenting a quick overview of who can run what, and under what circumstances.
The I/O logging option records all screens and keystrokes, storing them in an encrypted file that can be used for forensic analysis or to meet rigorous regulatory requirements. It can also be used for real-time monitoring.
Data is logged in syslog format, so it can be ported to SIM/SEM products, or exported in CSV and text formats.
We were impressed by the control that can be assigned to users based on role and circumstance. For example, we elevated privileges of users so they could access a particular system, such as a Web server, as root, while denying similar root privileges to a mail server. Security features include blocking predefined keystrokes, automatic termination of idle root sessions, and checksum comparisons to identify potential malicious code.
Testing methodology: Symark PowerBroker was deployed in a Linux-based environment with a variety of servers requiring root privileges, including a Web server and mail server.
This was first published in October 2007