
Novell Privileged User Manager

Control and Record "Which Privileged Users Have Access to What"

A key component of any compliance solution is the ability not only to define user access to systems, but also to track how that access is being used. With Novell Privileged User Manager, you can centrally define the commands that privileged users are able to execute on any UNIX or Linux platform, ensuring that only authorized users can perform specific administration tasks. This delegated administration eliminates the need to distribute root account credentials to the entire administrative staff and minimizes potential risk to the organization.

Novell Privileged User Manager also allows you to define rules for allowing or denying user activity based on a combination of user name, typed command, host name and time (who, what, where and when). By managing UNIX and Linux privileges in this way, you can control which commands users are authorized to run, at what time and from what location. All user activity is recorded in a powerful audit reporting and management tool, allowing you to take immediate action when suspicious activity occurs.

How It Works

  1. UNIX/Linux commands submitted by superusers are captured by the Command Control Agent, and then sent to the Command Control Manager.
  2. The commands are validated against the rule database to determine authorization. During validation, the command, the submitting user and host, the requested run host and the date/time are correlated with the rules in the database. If the command is authorized to run, it is executed on the requested run host together with any additional parameters, such as the run user, host and scripts, before the data is signed.
  3. The result of the authorization is sent to the event log.
  4. The signed data with its authorization is sent back to the Command Control Agent.
  5. If authorized, the Command Control Agent forwards the data to the Run Daemon on the remote host, which executes the command with the relevant permissions.
  6. If the session capture feature is enabled, all data transferred between the application and user terminal is logged to the audit system.

Analyze and Mitigate Risk with 100% Keystroke Recording

Novell Privileged User Manager contains powerful analysis tools that allow internal and external auditors to view recorded keystroke activity from users.

User activity is graded with a risk level from 0 to 9, depending on the command typed, the user and the host. High-risk commands are color coded red and low-risk commands green, with varying shades in between, for instant identification of events that could pose a security risk.

When an event is opened, auditors can view any recorded keystroke activity (color-coded, line by line). Events can be color coded with a risk rating based on the command executed, the user who executed it and the location. If an event requires further analysis, a workflow process escalates the event to the appropriate managers—either by sending an e-mail notification or flagging the event in the compliance auditor console—who can take immediate action.

For example, administrators can set rules that flag certain commands as higher risk because of the potential threat they pose to the organization. Novell Privileged User Manager recognizes these high-risk commands and color codes their associated keystrokes.
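The following is an added illustration, not Novell's code and not the product's actual rule format or signing scheme: it models the "How It Works" flow above (agent submits a who/what/where/when request, the manager matches it against a rule database, signs the decision and writes an audit event) together with the 0-to-9 risk grading and color coding described in this section. The rule database, glob-style matching, first-match-wins ordering, default deny for unmatched commands, HMAC-SHA256 as the "signature" and the color band boundaries are all assumptions made for the example.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from datetime import datetime
from fnmatch import fnmatchcase

# Shared secret between the manager and the agent (constructed value, not a real key).
MANAGER_KEY = b"example-manager-key-do-not-use"


@dataclass(frozen=True)
class Rule:
    user: str       # glob matched against the submitting user  (who)
    command: str    # glob matched against the typed command    (what)
    host: str       # glob matched against the submitting host  (where)
    hours: tuple    # inclusive (first_hour, last_hour) window   (when)
    allow: bool     # decision when the rule matches
    risk: int       # 0 (benign) .. 9 (critical), drives the color grading


# Constructed rule database. First matching rule wins, so deny rules come first.
RULES = [
    Rule("*",     "rm -rf /*",                    "*",    (0, 23), False, 9),
    Rule("dba_*", "systemctl restart postgresql", "db-*", (8, 18), True,  4),
    Rule("ops_*", "tail -f /var/log/*",           "*",    (0, 23), True,  1),
    Rule("*",     "useradd *",                    "*",    (0, 23), True,  7),
]

# In-memory stand-in for the event log / audit system.
AUDIT_LOG = []


def risk_colour(risk: int) -> str:
    """Map a 0-9 risk level to a color band (assumed boundaries: green .. red)."""
    if risk <= 2:
        return "green"
    if risk <= 4:
        return "yellow"
    if risk <= 6:
        return "orange"
    return "red"


def find_rule(user: str, command: str, host: str, when: datetime):
    """Return the first rule whose who/what/where/when constraints all match."""
    for rule in RULES:
        first, last = rule.hours
        if (fnmatchcase(user, rule.user) and fnmatchcase(command, rule.command)
                and fnmatchcase(host, rule.host) and first <= when.hour <= last):
            return rule
    return None


def _signed_payload(event: dict) -> bytes:
    # Only the decision and its inputs are covered; derived fields (colour) are not.
    fields = {k: event[k] for k in ("user", "command", "host", "when", "allowed", "risk")}
    return json.dumps(fields, sort_keys=True).encode()


def sign(event: dict, key: bytes = MANAGER_KEY) -> str:
    """HMAC-SHA256 over the decision, standing in for the manager's signature."""
    return hmac.new(key, _signed_payload(event), hashlib.sha256).hexdigest()


def authorize(user: str, command: str, host: str, when: datetime,
              key: bytes = MANAGER_KEY) -> dict:
    """Manager side: validate the request, grade it, sign it, log it."""
    rule = find_rule(user, command, host, when)
    # No matching rule: default deny, graded mid-range so it still stands out.
    allowed, risk = (rule.allow, rule.risk) if rule else (False, 5)
    event = {"user": user, "command": command, "host": host,
             "when": when.isoformat(timespec="minutes"),
             "allowed": allowed, "risk": risk, "colour": risk_colour(risk)}
    event["signature"] = sign(event, key)
    AUDIT_LOG.append(event)
    return event


def verify_decision(event: dict, key: bytes = MANAGER_KEY) -> bool:
    """Agent side: only forward to the run daemon if the signed decision is intact."""
    return hmac.compare_digest(sign(event, key), event.get("signature", ""))


if __name__ == "__main__":
    decision = authorize("dba_alice", "systemctl restart postgresql", "db-01",
                         datetime(2009, 6, 1, 10, 30))
    print(decision, verify_decision(decision))
```

The agent never decides for itself: it forwards the command only when `verify_decision` confirms the manager's signature, which is what keeps a compromised or misconfigured agent from granting more than the rule database allows. Every request, allowed or denied, ends up in `AUDIT_LOG` with its risk level and color band, which is the material an auditor would later review.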

Novell Privileged User Manager also allows auditors to view exactly what took place during a recorded session with easy-to-use playback controls.


© 2009 Novell, Inc. All Rights Reserved.