[unisog] access management/auditing packages?

Michael Holstein michael.holstein at csuohio.edu
Thu Apr 21 18:07:46 GMT 2005


Jennifer,

Well, I can say I've dealt with CA in the past and it wasn't exactly 
pleasant -- other's mileage may vary. Regardless, here the link for 
eTrust Access Control : http://www3.ca.com/Solutions/Product.asp?ID=154

IBM's Tivoli Access Manager will do what you want, and it can handle 
Linux/UNIX as well as Windows platforms. It does require a lot of extra 
stuff to work (all from IBM, of course). Here's a link :
http://www.ibm.com/software/tivoli/products/access-mgr-operating-sys/

Novell's eDirectory is very good at doing accounting and top-down access 
control. Link : http://www.novell.com/products/edirectory/

Here's what I've done in the past. Cheap and easy to setup, and I can 
write my own reporting modules (perl, php, whatever...).

Turning on accounting on all the file servers (for file access, 
modification, attribute change, etc) will make entries in the security 
log -- which you can then deal with using Microsoft's MOM or (as I did) 
exporting it via Syslog using something like EventReporter 
(www.adiscon.de). Then it's off to the UNIX attached SAN running 
syslog-ng, with swatch, perl, and cron doing the dirty work.

Microsoft does actually have excellent accounting built right in .. and 
there are several tools to parse that eventlog information (I just use 
the free stuff). Active Directory does a decent job of access-control, 
it's just bottom-up (eg: it's impossible to see what the confered rights 
are to every file on every server, unlike Novell).

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University

Jennifer Luisi wrote:
> Hello there,
> 
> I'm looking for some pointers as to where to start a search for a
> commercial access management package.  We seem to need a package that will
> monitor who has access to what data and when the data has been accessed by
> whom.  Basically, they're looking for an auditing tool.  The only thing
> I've turned up on the Internet (besides broken links and companies that
> have disappeared whole into other companies) is a product by CA called
> eTrust Access Control.  If anyone's got anything else, or experience with
> the CA product, I'd love to hear about it.
> 
> Thanks!
> 
> Jen
> 
> -------------------------------------------------------
> Jennifer Luisi				University of Rochester
> Systems Administrator			Rochester, NY
> jennifer.luisi at rochester.edu		(585) 275-9106
> -----------------------------------------------------------------
> 
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
> 


More information about the unisog mailing list