- Get a grip or you don't get the job
- Desktops of the future here today
- Researcher hides IE attack on Web
- Cisco third quarter 2008 channel stuffing
- Sci-Fi's goofiest gadgets and technology
Rss FeedRss Feed
Windows Server 2008 is not intended to be a "one size fits all" solution and Microsoft relies on third-party solutions to enhance and extend Windows Server 2008 to accommodate functions like auditing, backup and recovery. Here, we look specifically at audit and recovery capabilities for Active Directory and learn where Windows Server 2008 toolset leaves off, and where the right third-party solution can provide broader coverage and enhanced management capabilities.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
Find out how you can consolidate Windows workloads and create a more efficient virtualized data center in this informative webcast, "Reduce Complexity and Cost - Windows Server Consolidation with Virtualization." Six concise webcast modules are available for your viewing. Watch them all consecutively or only the topics that interest you. The modules cover performance, user case studies, enterprise-level support, managing windows workloads, setup and configuration and the future of virtualization. Learn more today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
|
||||
Quest Privilege Manager for Unix (QPM) currently only works with Unix derivatives. No Windows allowed.
QPM also uses a different approach than the other three products we tested in that it permits the delegation of root by proxy access to privileged accounts (root or root-equivalents) where all keystrokes are recorded. QPM delivered a keystroke-by-keystroke recording of everything we did as root on the systems we tested, almost like the macro-recorders of years gone by that did much the same thing. This method of protection for root uses a daemon (pmmasterd) that accepts instructions from a user/client, then uses an agent (pmlocald) to execute the requests. It's a gatekeeping mechanism that permits users to perform root or equivalent tasks without being root.
We told QPM which users could perform specific tasks (as an example, to run a line printer job/print request using the lp daemon), when a task could be performed, which machine could make a request, whether another user or administrator's tacit and specific permission would be required to perform a task, and which tasks could be performed (a great way to inhibit savvy users from invoking utilities they shouldn't).
All of these specified jobs made it into audit files -- including information about who did them, the time they were done and the transcript of what was done. However, we found reports generated from these audit files were weak, reminding us of syslog dump text files with one record per line.
Encryption choices include Advanced Encryption Standard (tested), Kerberos, and Data Encryption Standard/Triple DES. Unfortunately, anyone with access to the /etc directory can look inside the /etc/pm.settings file to know which encryption methos is employed — a weakness in our opinion.
It's possible to associate an executable with a checksum value that matches a desired privileged accessed request — not foolproof, but useful to prevent unwitting execution of a Trojan/replacement program (often found in 'rootkitted' installations). We like this unique authentication method, even if checksums aren't very strong file authentication mechanisms.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
