As corporations downsize employee rosters in a soft economy, IT managers must draw on their skills as administrators of directories and identity assets to maintain corporate data security.
Laid-off employees, particularly disgruntled ones who may have had access to key corporate repositories, can threaten an organization. IT managers need global knowledge -- from knowing the enterprise directories, the extranet directories and the location of repositories, to knowing the people in charge of directory access and which of them have super user privileges.
Contingency planning
Perkins told managers to function as if they were managing through a disaster. Now is the time to choose new people to have administrator privileges, he said. 'You have to know your stuff, know your people, know how to prioritize the use of directories and protect the key access points,' he said. Perkins suggests taking the following steps:
- Create a super user management process. Allocate new privileges and new rights to new people and shut down access to former employees.
- Re-evaluate the role of the directory and the automated account workflow. Make sure you know where the directory is being used during new account creation or during the retirement of an account.
- Know the location of your current organizational assets that are related to assets and maintenance. You may have a good idea of where things are in the data center but not when you fan out into the wider enterprise. Audit your identity assets.
- Assess the relationship between the extranet directory and the enterprise directory so you can determine the level of synchronization. Hackers don't take a holiday. There could be a threat during the downturn, and the links between the inside and outside will be at risk. Make sure it's secure.
- Know what brands and versions of administration tools are available and how they work.
Don't delete
During a corporate downsizing, don't delete accounts. Disable them instead, said Jeremy Moskowitz, principal at GPanswers.com, a Group Policy trainer based in Philadelphia.
'If you delete an account, it's a long road to getting access rights for the next person who may take over,' Moskowitz said. 'When you are downsizing, someone still has to do that job in the interim. By deleting an account you are losing the link to everything that person was doing.'
Disable the account temporarily, he said, and find out who is taking over the job role and then give the account a new name and password. 'It may not be a good long-term strategy, but it's a good interim strategy for business continuity,' he said. 'Life has to go on for those roles and responsibilities.'
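The disable-then-hand-over sequence described above, as an added example that is not part of the original article. It assumes an Active Directory domain with the ActiveDirectory PowerShell module; the function names, report path and sample account names are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Function names, the CSV path and the sample users are hypothetical.

function Suspend-DepartedAccount {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [string] $ReportPath = '.\departed-memberships.csv'
    )
    $user = Get-ADUser -Identity $SamAccountName -Properties Description
    # Record group memberships first so there is a snapshot to review later.
    Get-ADPrincipalGroupMembership -Identity $user |
        Select-Object @{n='Account';e={$user.SamAccountName}}, Name, DistinguishedName |
        Export-Csv -Path $ReportPath -Append -NoTypeInformation
    # Disable rather than delete: the SID, ACL entries and group links stay intact.
    Disable-ADAccount -Identity $user
    Set-ADUser -Identity $user -Description "Disabled $(Get-Date -Format yyyy-MM-dd); was: $($user.Description)"
}

function Reset-AccountForSuccessor {
    param(
        [Parameter(Mandatory)] [string] $OldSamAccountName,
        [Parameter(Mandatory)] [string] $NewSamAccountName,
        [Parameter(Mandatory)] [string] $NewDisplayName,
        [Parameter(Mandatory)] [securestring] $InitialPassword
    )
    $user = Get-ADUser -Identity $OldSamAccountName
    if ($user.Enabled) { throw "$OldSamAccountName is still enabled; suspend it first." }
    # Address the object by GUID: it stays valid after the rename changes the DN.
    $id = $user.ObjectGUID
    # Set the new password before re-enabling, so the old credential never works again.
    Set-ADAccountPassword -Identity $id -Reset -NewPassword $InitialPassword
    # Note: UserPrincipalName and mail attributes are left unchanged here.
    Set-ADUser -Identity $id -SamAccountName $NewSamAccountName `
        -DisplayName $NewDisplayName -ChangePasswordAtLogon $true
    Rename-ADObject -Identity $id -NewName $NewDisplayName
    Enable-ADAccount -Identity $id
}

# Example calls (constructed account names):
# Suspend-DepartedAccount -SamAccountName 'jdoe'
# Reset-AccountForSuccessor -OldSamAccountName 'jdoe' -NewSamAccountName 'asmith' `
#     -NewDisplayName 'Alex Smith' -InitialPassword (Read-Host 'Initial password' -AsSecureString)
```

The exported membership report doubles as input for reviewing which inherited rights the successor actually needs before the account is re-enabled.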
In some cases, a company has to lay off desktop support staff and then change the local administrator passwords on the machines. Moskowitz said IT managers should know there is a new, easy-to-automate method of resetting desktop administrator permissions in Group Policy.
Administrator Manual
Copyright © 1995–2012 Tectia Corporation
This software is protected by international copyright laws. All rights reserved. Tectia® and ssh® are registered trademarks of Tectia Corporation in the United States and in certain other jurisdictions. The Tectia and SSH logos are trademarks of Tectia Corporation and may be registered in certain jurisdictions. All other names and marks are property of their respective owners.
No part of this publication may be reproduced, published, stored in an electronic database, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, for any purpose, without the prior written permission of Tectia Corporation.
THERE IS NO WARRANTY OF ANY KIND FOR THE ACCURACY OR USEFULNESS OF THIS INFORMATION EXCEPT AS REQUIRED BY APPLICABLE LAW OR EXPRESSLY AGREED IN WRITING.
For Open Source Software acknowledgements, see appendix Open Source Software License Acknowledgements in the User Manual.
Table of Contents
- 1. About This Document
- Documentation Conventions
- Operating System Names
- Directory Paths
- Customer Support
- Component Terminology
- 2. Installing Tectia Server
- Preparing for Installation
- System Requirements
- Hardware and Disk Space Requirements
- Licensing
- Installation Packages
- Upgrading Previously Installed Tectia Server Software
- Downloading Tectia Releases
- Installing the Tectia Server Software
- Installing on AIX
- Installing on HP-UX
- Installing on Linux
- Installing on Solaris
- Installing on Windows
- Installing on VMware ESX
- Installing on Linux on IBM System z
- Removing the Tectia Server Software
- Removing from AIX
- Removing from HP-UX
- Removing from Linux
- Removing from Solaris
- Removing from Windows
- Removing from VMware ESX
- Removing from Linux on IBM System z
- Files Related to Tectia Server
- File Locations and Permissions on Unix
- File Locations on Windows
- Registry Keys on Windows
- 3. Getting Started
- Starting and Stopping the Server
- Starting and Stopping on AIX
- Starting and Stopping on Other Unix Platforms
- Starting and Stopping on Windows
- 4. Configuring Tectia Server
- Tectia Server Configuration Tool
- Tectia Server Configurations Generated with Tectia Manager
- Tectia Server
- General
- Proxy Rules
- Domain Policy
- Identity
- Network
- Logging
- Certificate Validation
- Defining Access Rules Using Selectors (Advanced Mode)
- Connections and Encryption
- Authentication
- Services
- Configuration File for Tectia Server
- Dividing the Configuration into Several Files
- Using Selectors in Configuration File
- ssh-server-config.xml
- 5. Authentication
- Supported User Authentication Methods
- Compatibility with OpenSSH Keys
- Server Authentication with Public Keys
- Generating the Host Key
- Notifying the Users of Host Key Changes
- Server Authentication with Certificates
- Certificate Enrollment Using ssh-cmpclient-g3
- Certificate Enrollment Using
- Server Authentication using External Host Keys
- User Authentication with Passwords
- User Logon Rights on Windows
- User Authentication with Public Keys
- Using the Authorization File
- Using Keys Generated with OpenSSH
- Special Considerations on Windows
- User Authentication with Certificates
- Configuring Certificates
- Configuring User Authentication with Certificates on Windows
- Host-Based User Authentication
- Using Conventional Public Keys
- Using Certificates
- User Authentication with Keyboard-Interactive
- Password Submethod
- Pluggable Authentication Module (PAM) Submethod
- RSA SecurID Submethod
- RADIUS Submethod
- LAM Submethod on AIX
- User Authentication with GSSAPI
- Special Considerations on Microsoft Windows Server 2003
- Configuring User Authentication Chains
- Basic Example
- Example with Selectors
- Authentication Chain Example
- Example of Using the Deny Action
- Forwarding User Authentication
- Forwarding User Authentication to a Kerberos Realm
- Reporting User Login Failures
- User Name Handling on Windows
- Requirements for Trusted Domain Authentication on Windows
- Accessing Resources on Windows Network from Logon Sessions Created by Tectia SSH Server
- Network Resource Access from Terminal Session
- Network Resource Access from SFTP Subsystem
- Accessing Network Shares Using Another User's Account
- Accessing Shares on a Computer That Is Not a Member of a Domain
- Access to DFS Shares
- Accessing Files Stored on EFS on Windows from Logon Sessions Created by Tectia SSH Server
- 6. System Administration
- Tectia Client Privileged User
- Disabling Root Login (Unix)
- Restricting Connections
- Chrooting (Unix)
- Forced Commands
- Auditing
- Notification
- Customizing Logging
- Auditing with Solaris BSM
- 7. File Transfer
- Tectia Client File Transfer User
- Encryption and Authentication Methods
- Restricting Services
- Settings on the Client Side
- Automated File Transfer Script
- 8. Tunneling
- Transparent TCP Tunneling from Server Perspective
- Using a Shared Account
- Restricting Services
- Local Tunnels
- Local Tunneling Rule Examples
- Remote Tunnels
- Remote Tunneling Rule Examples
- X11 Forwarding (Unix)
- Agent Forwarding (Unix)
- 9. Troubleshooting Tectia Server
- Starting Tectia Server in Debug Mode
- Starting Tectia Server in Debug Mode on Unix
- Starting Tectia Server in Debug Mode on Windows
- Debugging Secure File Transfer
- Collecting System Information for Troubleshooting
- Solving Problem Situations
- CPU Overload on Tectia Server on HP-UX
- Invalid Host Key Permissions on Windows
- Authentication Fails for Domain Account on Tectia Server on Windows
- Last Login Time is Incorrect on Windows
- Virtual Folders Defined on Windows Network Shared Folders Are Not Available on Tectia Server on Windows
- A. Server Configuration File Syntax
- B. Command-Line Tools and Man Pages
- ssh-server-g3 - Secure Shell server - Generation 3
- ssh-server-ctl - Tectia Server control utility.
- ssh-troubleshoot - tool for collecting system information
- ssh-keygen-g3 - authentication key pair generator
- ssh-keyfetch - Host key tool for the Secure Shell client
- ssh-cmpclient-g3 - CMP enrollment client
- ssh-scepclient-g3 - SCEP enrollment client
- ssh-certview-g3 - certificate viewer
- ssh-ekview-g3 - external key viewer
- C. Audit Messages
- D. Open Source Software License Acknowledgements
- Index