BeyondTrust Case Studies Los Alamos Replaces sudo with PowerBroker for Servers

Edit This Case Study Record

	Los Alamos Replaces sudo with PowerBroker for Servers BeyondTrust

Los Alamos Replaces sudo with PowerBroker for Servers

BeyondTrust

Technology Category	Cybersecurity & Privacy - Database Security
Applicable Industries	National Security & Defense
Applicable Functions	Discrete Manufacturing
Use Cases	Cybersecurity
Services	System Integration
Challenge	In the fall of 2006, Los Alamos National Laboratory was tasked with performing an audit of their cyber security systems, including inspections of its safeguards and security functions. The audit aimed to ensure that the organization had a system in place that complied with federal regulations, including the Federal Information Security Management Act of 2002 (FISMA). The lab was using sudo, an open source software program that only tracked activity on a machine-by-machine basis. However, the audit revealed inefficiencies associated with using sudo for these purposes. IT administrators were spending an excessive amount of time managing every machine individually to extract and consolidate relevant information from various logs to illustrate compliance and ability to monitor and control privileged users’ activity. Around the same time, the lab learned that it would be inheriting the responsibility of administering about 200 additional UNIX and Linux systems. The staff agreed that it would be impossible to manage this complex heterogeneous environment using the current monolithic architecture of open source sudo. Read More
About Customer	Los Alamos National Laboratory (www.lanl.gov), located in Los Alamos, N.M., is a premier national security research institution, delivering scientific and engineering solutions for the nation’s most crucial and complex problems. The lab’s primary responsibility is ensuring the safety, security and reliability of the nation’s nuclear deterrent. In addition to being one of the largest multi-disciplinary institutions in the world, Los Alamos is also the second largest institution and employer in northern New Mexico, with more than 11,000 employees and contractors. Read More
Solution	After extensive review and analysis, BeyondTrust’s PowerBroker for Servers established itself as the most complete solution to provide centralized authorization management and reporting across the lab’s heterogeneous network of Unix and Linux hosts. PowerBroker for Servers provides granular delegation of root administrative privileges on Unix or Linux systems with a complete and secure audit trail of all delegated actions. PowerBroker for Servers increases productivity by directing all log files from each machine to a centralized log server for easy management. PowerBroker for Servers captures keystrokes, output and errors, and it can record and replay an entire user session, making it much easier to backtrack to identify the source and cause of a problem. The indelible audit trail can track activity by whom, what, when and where and then selectively query, extract and display information from the generated log files. This satisfies compliance requirements for the accountability required for access security. Read More Log in to view content
Contents

Technology Category

Cybersecurity & Privacy - Database Security

Applicable Industries

National Security & Defense

Applicable Functions

Discrete Manufacturing

Use Cases

Cybersecurity

Services

System Integration

Challenge

In the fall of 2006, Los Alamos National Laboratory was tasked with performing an audit of their cyber security systems, including inspections of its safeguards and security functions. The audit aimed to ensure that the organization had a system in place that complied with federal regulations, including the Federal Information Security Management Act of 2002 (FISMA). The lab was using sudo, an open source software program that only tracked activity on a machine-by-machine basis. However, the audit revealed inefficiencies associated with using sudo for these purposes. IT administrators were spending an excessive amount of time managing every machine individually to extract and consolidate relevant information from various logs to illustrate compliance and ability to monitor and control privileged users’ activity. Around the same time, the lab learned that it would be inheriting the responsibility of administering about 200 additional UNIX and Linux systems. The staff agreed that it would be impossible to manage this complex heterogeneous environment using the current monolithic architecture of open source sudo.

About Customer

Los Alamos National Laboratory (www.lanl.gov), located in Los Alamos, N.M., is a premier national security research institution, delivering scientific and engineering solutions for the nation’s most crucial and complex problems. The lab’s primary responsibility is ensuring the safety, security and reliability of the nation’s nuclear deterrent. In addition to being one of the largest multi-disciplinary institutions in the world, Los Alamos is also the second largest institution and employer in northern New Mexico, with more than 11,000 employees and contractors.

Solution

After extensive review and analysis, BeyondTrust’s PowerBroker for Servers established itself as the most complete solution to provide centralized authorization management and reporting across the lab’s heterogeneous network of Unix and Linux hosts. PowerBroker for Servers provides granular delegation of root administrative privileges on Unix or Linux systems with a complete and secure audit trail of all delegated actions. PowerBroker for Servers increases productivity by directing all log files from each machine to a centralized log server for easy management. PowerBroker for Servers captures keystrokes, output and errors, and it can record and replay an entire user session, making it much easier to backtrack to identify the source and cause of a problem. The indelible audit trail can track activity by whom, what, when and where and then selectively query, extract and display information from the generated log files. This satisfies compliance requirements for the accountability required for access security.

Impact #1	PowerBroker for Servers provided centralized authorization management and reporting across the lab’s heterogeneous network of Unix and Linux hosts.
Impact #2	The solution provided granular delegation of root administrative privileges on Unix or Linux systems with a complete and secure audit trail of all delegated actions.
Impact #3	PowerBroker for Servers increased productivity by directing all log files from each machine to a centralized log server for easy management.

Impact #1

PowerBroker for Servers provided centralized authorization management and reporting across the lab’s heterogeneous network of Unix and Linux hosts.

Impact #2

The solution provided granular delegation of root administrative privileges on Unix or Linux systems with a complete and secure audit trail of all delegated actions.

Impact #3

PowerBroker for Servers increased productivity by directing all log files from each machine to a centralized log server for easy management.

Download PDF Version

Overview

Los Alamos Replaces sudo with PowerBroker for Servers

Operational Impact