This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mimeat_private for more info. --------------B8C4FCE38CD Content-Type: TEXT/PLAIN; CHARSET=us-ascii Content-Transfer-Encoding: QUOTED-PRINTABLE Content-ID: <Pine.SUN.3.96.981203145806.26622Kat_private> http://www.networkcomputing.com/shared/printArticle?article=3Dnc/922/922f1.= html&pub=3Dnwc Finally! A Light at the End of the Tunnel By David Willis =20 Managing security for an policy for a large organization with a variety of computing platforms is a tough job that gets tougher all the time. Organizations change so quickly that simply keeping systems current is an accomplishment. New systems are added, operating systems and applications are upgraded, network entry points proliferate and new security flaws crop up every day. Staff turns over, contractors come and go, and support departments endure downsizing, leaving fewer people to manage more systems. Typically, those who remain focus on delivering service for end users rather than on network protection.=20 =20 The daily task of protecting information falls to the security policy administrator, who has his or her hands full simply managing what's already in place--ensuring that system accounts and permissions are set up properly and that information is always available to those who need it (and no one else). Most often the policies are implemented by others--security managers rarely manage boxes on a daily basis--and they must take care not to make it hard for people to get their jobs done. Policies must be understandable, auditable, enforceable and nonintrusive. It's a tall order.=20 =20 By comparison, life in a homogeneous environment is easy. IBM mainframe shops have IBM RACF or Computer Associates International's CA-ACF2 for granular security management. Well-established products extend mainframe security management into distributed environments. Tools for administering a single-platform network operating system do an adequate job, with a few well-documented exceptions: In large, interconnected Windows NT installations, for example, the sheer volume of accounts and trust relationships is known to swallow an inordinate amount of administrative time. Unix systems have similar architectural flaws, including limited capacity for management delegation and clumsy access-control-list mechanisms. Still, while many tools can secure and manage Windows NT, Unix and NetWare within themselves, rarely do they span multiple platforms. Without a mainframe to centralize it all, there is only a handful of security-policy management tools that can control users and resources served by diverse operating systems. Computer Associates, PLATINUM technology and Tivoli Systems have tools that manage user accounts, control file-level access and enforce a policy hierarchy. =20 Security Gains Each vendor takes a slightly different approach to policy management, but our hands-on experience in Network Computing's Real-World Labs=AE at Syracuse University and in Dallas showed that whatever the method, these powerful product suites represent a substantial leap forward for large, security-conscious organizations. Given enough time and effort, these suites will save policy administrators work and will align systems more rapidly within the organization.=20 [see original URL for rest of article..] =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 --------------B8C4FCE38CD-- -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:13:17 PDT