Re: Customizing Security

From: Abdullah Ramazanoglu (ar018.REMOVE_at_CAPS.yahoo.cöm)
Date: 07/05/04

Next message: Michael: "Re: Problem: psad shows all traffic in STDOUT"
Previous message: pa.ruza: "Re: Block usage of IE"
In reply to: Tom Jordan: "Re: Customizing Security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 05 Jul 2004 13:02:48 +0300

Tom Jordan wrote:

> Hi Colin,
>
> To add a little more information:
>
> We have data center that has server running in multiple operating
> systems. Win 2000, Linux, Solaris, AIX, and AS/400. Administering the
> security in each of these is a bit painful as there are several
> hundred servers.
>
> My company provides an identity management solution that goes pretty
> far, but we may need to make some enhancements to achieve the desired
> solution. The customer would like to simplify the admin task by
> centralizing all the security information on one security and policy
> server. This way all the servers and applications would authenticate
> against this. In doing this, I was curious to know if and how we can
> by augment the native login that is part of the OS and if so how.
>

LDAP and your environment are a perfect match, I think. It is
implemented via slapd package in linux. Think of it as the open
alternative of Active Directory. All of the systems you mentioned
(except AS/400 perhaps) talk LDAP, including samba. So the same user
entry will be used for authentication / authorization purposes by
Windows and Samba, Linux boxes, Unix boxes, and may be also by AS/400.

Also, LDAP not only provides for user security management, but also it
can store any kind of data you care to make use of. For instance you
can store email and contact info of users (not only internal ones, but
all customers, providers etc.) and an LDAP aware mail client (KMail for
one) will be able to use your user database as its central addressbook.

-- 
Abdullah        | aramazan@ |
Ramazanoglu     | myrealbox |
________________| D O T cöm |

Next message: Michael: "Re: Problem: psad shows all traffic in STDOUT"
Previous message: pa.ruza: "Re: Block usage of IE"
In reply to: Tom Jordan: "Re: Customizing Security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

security-basics Digest of: get.123_145
... VPN to ASP a security risk? ... Re: Multiple IPSec tunnels? ... Subject: Security NT Server ... VPN to ASP a security risk? ...
(Security-Basics)
<< SBS News of the week - Sept 26 >>
... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
(microsoft.public.backoffice.smallbiz2000)
Re: << SBS News of the week - Sept 26 >>
... > And he points to the info you need to put the file on the server in the ... > at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... An attacker can exploit these flaws in tandem via specially ...
(microsoft.public.backoffice.smallbiz2000)
<< SBS News of the week - Sept 26 >>
... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
(microsoft.public.windows.server.sbs)
Re: << SBS News of the week - Sept 26 >>
... > And he points to the info you need to put the file on the server in the ... > at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... An attacker can exploit these flaws in tandem via specially ...
(microsoft.public.windows.server.sbs)