SOX Compliance on external systems using PowerShell scripts in Secret Server

25 02 2013

A critical component of many compliance mandates such as SOX, HIPAA, and PCI is guaranteeing that user activity is audited.  Secret Server maintains an internal audit trail for user actions and access to shared privileged accounts, but it doesn’t necessarily guarantee that external systems maintain their own audits.  After several customer requests, Secret Server can now be configured to audit external systems through custom PowerShell scripting, enhancing auditing whenever a privileged account is used on an external system.

For example, we can look at Microsoft SQL Server’s auditing. How can an Administrator ensure that auditing of an account is in place when that privileged account is used?

Secret Server can combine custom PowerShell scripts with its one-time password (OTP) feature called CheckOut.  CheckOut lets a user retrieve a password from the repository, after which Secret Server changes it to a new random password.  Administrators can also upload PowerShell scripts to Secret Server and set them to run before an account is checked out and after it is checked back in.  This can be used to ensure that various compliance actions occur before or after a password is used.

In the example below I’ve created a Secret for an account with access to the AdventureWorks database, and set up an Audit Specification in Microsoft SQL Server.

Image

In Secret Server I can now safeguard that the auditing I’ve set up for SOX, PCI, or HIPAA compliance is enabled whenever a user accesses the database with the AdventureWorksAdmin user.

On the Secret for the AdventureWorksAdmin user, I’ve enabled CheckOut.  Now when a user accesses the account the password will be changed once they are finished.  Next I uploaded a PowerShell script that ensures the Audit Specification is enabled on AdventureWorks, and set it to run before the Secret is Checked Out to the user.

Image

This Hook guarantees that auditing is turned on by preventing CheckOut if the PowerShell script fails.  If for any reason the script can’t ensure that the compliance auditing is enabled, it returns an error and the user won’t be granted access to the AdventureWorksAdmin SQL account.  The CheckOut feature also changes the password after the user is finished with the Secret, so users are forced to go through Secret Server to access the privileged account.  The result is a named-user audit in Secret Server tied to a specific shared account, while Microsoft SQL Server is guaranteed to maintain its own auditing whenever that account is used.
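As an added example (not Thycotic's script and not from the original post), a pre-CheckOut hook of the kind described above: it reads the SQL Server catalog views for the Audit Specification and its server audit, and throws if either is disabled, so the script fails and Secret Server denies the CheckOut. The instance, audit, and specification names are assumed placeholders, and the hook is assumed to run as a Windows account that can read those catalog views.

```powershell
# Added example pre-CheckOut hook (not Thycotic's code). Fails closed: any
# thrown error makes the hook fail, which blocks CheckOut of the Secret.
param(
    [string]$SqlInstance   = "SQLSERVER01",             # assumed placeholder
    [string]$Database      = "AdventureWorks",
    [string]$AuditName     = "AdventureWorks_Audit",    # assumed placeholder
    [string]$AuditSpecName = "AdventureWorks_AuditSpec" # assumed placeholder
)

# Integrated security is assumed; the hook's Windows identity needs permission
# to read sys.server_audits and sys.database_audit_specifications.
$connString = "Server=$SqlInstance;Database=$Database;Integrated Security=True;"

# Both the server audit and the database audit specification must be ON,
# otherwise nothing is actually being written to the audit target.
$query = @"
SELECT a.is_state_enabled AS AuditEnabled,
       s.is_state_enabled AS SpecEnabled
FROM sys.database_audit_specifications AS s
JOIN sys.server_audits AS a ON a.audit_guid = s.audit_guid
WHERE s.name = @SpecName AND a.name = @AuditName;
"@

$conn = New-Object System.Data.SqlClient.SqlConnection $connString
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = $query
    [void]$cmd.Parameters.AddWithValue("@SpecName", $AuditSpecName)
    [void]$cmd.Parameters.AddWithValue("@AuditName", $AuditName)

    $reader = $cmd.ExecuteReader()
    if (-not $reader.Read()) {
        throw "Audit specification '$AuditSpecName' for audit '$AuditName' not found in $Database; CheckOut denied."
    }
    $auditEnabled = [bool]$reader["AuditEnabled"]
    $specEnabled  = [bool]$reader["SpecEnabled"]
    $reader.Close()

    if (-not ($auditEnabled -and $specEnabled)) {
        throw "Auditing is not fully enabled (server audit=$auditEnabled, specification=$specEnabled); CheckOut denied."
    }
    Write-Output "Audit specification '$AuditSpecName' is enabled on $Database; CheckOut may proceed."
}
finally {
    $conn.Close()
}
```

Because the check is fail-closed, a connection failure or a missing specification also blocks the CheckOut rather than silently letting an unaudited session through.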

Ben Yoder is the Product Owner for Secret Server – you can find him at the Thycotic booth (#2644) at the RSA Conference in San Francisco this week.  Stop by to chat with Ben about SOX, PowerShell scripting, or other cool stuff.





Thycotic Software (booth #2228) at VMWorld 2012 San Francisco

16 08 2012

Thycotic Software will be at VMWorld 2012!  Please join us at the Moscone Center in San Francisco, CA on August 26th through August 30th.  We will have demonstrations of Secret Server, Password Reset Server, and our newest product Group Management Server.  Stop by booth #2228 and you can meet the team and learn about the newest features in Secret Server.

VMWorld is an ideal opportunity for us to demonstrate our advanced IT admin tools.  Secret Server, Password Reset Server, and Group Management Server all perform well when installed in a virtual server.  We recommend leveraging virtualization technologies such as VMware with our tools not only for ease of management but also for meeting Disaster Recovery and High Availability requirements.

Secret Server is a privileged password management solution, designed to securely control access to critical enterprise passwords in one centralized, web-based repository.  Secret Server is encrypted, FIPS-compliant, and helps organizations to reach their Sarbanes-Oxley or PCI DSS goals.

Password Reset Server is an end-user password reset tool that combines ease-of-use with advanced security, and meets Section 508 compliance standards. Password Reset Server is designed to reduce Help Desk calls and let employees reset their own forgotten passwords through a series of secure questions, image-matching, and text/phone verification.

Group Management Server is an end-user-facing Active Directory Group management tool that allows IT admins to delegate AD Group membership to the business owners. Group Management Server helps to lower the time your IT team spends on Active Directory Group membership changes by allowing your end users to do it themselves.

See you August 26th!





Meet Thycotic in San Francisco at RSA 2012!

7 02 2012

Will you be in San Francisco for RSA Conference 2012?  We’ll be there too!  Thycotic Software is excited to demonstrate our flagship products Secret Server and Password Reset Server live.  Please join us at the Moscone Center February 27th – March 2 and learn about the newest features.  Thycotic’s booth (#2550) is located here:

Thycotic Software's Booth #2550 at RSA Conference 2012


Secret Server is a privileged password management solution, designed to securely control access to critical enterprise passwords in one centralized, web-based repository.  SS is encrypted, FIPS-compliant and helps organizations to reach their Sarbanes-Oxley or PCI DSS goals.

Password Reset Server is an end-user password reset tool that combines ease-of-use with advanced security, and meets Section 508 compliance standards. PRS is designed to reduce Help Desk calls and let employees reset their own forgotten passwords through a series of secure questions and images, and even telephone verification.

See you February 27th!





Thycotic brings Password Management to TechEd Australia 2010

8 07 2010


Thycotic will be at Gold Coast, Australia next month exhibiting at TechEd Australia for the third year in a row. Stop by our booth and learn about how Secret Server integrates with RADIUS in version 7.0.

Are you responsible for end-user passwords? Ask to see a demo of our self-service password reset tool, Password Reset Server.

Come visit us to talk about password management or information security.

See you there!

Thycotic Booth





Secret Server at FOSE 2008

3 04 2008

This year Secret Server made its debut at FOSE, one of the leading government technology events in the nation.   The show is being held at the Walter E. Washington Convention Center which is situated only a few minutes away from our offices in downtown D.C.

Despite there being several hundred kiosks and lectures, Secret Server appears to be one of the few software products featured.  Many of the exhibitions are displaying hardware and energy saving innovations.  I think a lot of people have been pleasantly surprised to see a solution for password management.

Over the last couple of days, I and some of the other team members got a chance to interact with attendees and demonstrate some of the core functionality of Secret Server.  We have received a lot of enthusiasm and great feedback on the product thus far.


Today is the final day for FOSE. Come visit us at booth #100 located in the Security section.  Hope to see you there!


–Joseph
