The secure shell may be supplemented by products such as UPM and sudo when the need is for secure operating systems in enterprises having a UNIX, Linux and Windows infrastructure
This document reviews the need for each system to be equipped with a secure shell if it is being used for any form of commercial data processing in an enterprise which employs an IT infrastructure with UNIX, Linux and Windows. In the drive for secure operating systems, a secure shell may be improved in by the addition of commercial security enhancements such as UPM (UNIX Privilege Manager) or COSduty-SSA, and/or products in the shareware or public domain category such as sudo.
Secure operating systems have become a necessity in order for enterprises to be able to demonstrate compliance with rules on corporate governance. Until the recent past, corporate officers have been allowed wide freedom in the way they implement security with the result that there has been significant variation in the provision in this area, from the use of the UNIX secure shell to more robust solutions including UPM, COSduty-SSA and sudo. However, following recent legislation, corporate officers now face harsher penalties whose consequences are such that the techniques for implementing operational security on data processing systems must be more rigorously assessed and reliably applied.
Secure shell reinforcement – UPM and sudo assist secure operating systems, but COSduty-SSA is the leader
Recent US and European legislation (Sarbanes-Oxley in the USA and similar European Directives) has made compliance a big issue for publicly listed companies – and some private companies who conduct business with the listed sector.
The essence of the legislation is to protect the integrity of the financial information provided to the public. This is difficult to construct when privileged IT users, typically system administrators, have unlimited access rights to critical IT systems. Even though a so-called secure shell may be in use, an acceptably secure operating system is not present until additional usage controls and auditing are implemented by means of additional products.
A software product of particular value in this area is COSduty-SSA whose use can limit the unrestricted freedoms of systems administrators and audit their activity so as to prove IT services are making their full contribution to data integrity and compliance.
In addition, because of its low implementation costs and other technical advantages, COSduty-SSA can show a positive RoI, even when compliance issues are disregarded.
Some details of the functionality of COSduty-SSA
COSduty-SSA can ensure the use of privileged accounts is reduced to the absolute minimum by:
- encapsulating the majority of privileged routines in menu/forms driven procedures
- enforcing administrators to request privileged sessions on particular systems for particular periods of time
- allocating only that subset of commands required to carry out a requested function
- auditing all activity and reporting on those audit trails
In summary, COSduty-SSA is an unusual product, but one whose scope is quickly becoming more widely acknowledged as the intricacies of the measures which are required to protect corporate officers from the possible consequences of corporate governance legislation are better understood. If this area is new to you and visualising the role of products such as COSduty-SSA remains difficult, please feel free to contact OSM for relevant information at all levels. Alternatively, re-enter the COSduty-SSA web site and help yourself.
OSM is the leading independent specialist supplier of E-DSM solutions for organizations who rely on a UNIX, Linux and Windows infrastructure. Our reputation is one of delivering solutions to problems of all complexities by means of our highly competent Professional Services team.