Symark announced PowerBroker 3.0, security software designed to enhance native Unix authorization by providing selective delegation of Unix administrative privileges for trusted users without providing full root access, and thus reducing the risk of accidental damage or malicious activity.
The company says that PowerBroker also manages privileges and access to third-party applications and accounts (e.g., database, CRM, and ERP), including generic accounts. In addition, PowerBroker may extend the limited logging capabilities of traditional Unix systems by providing an indelible audit trail of all accepted and rejected user requests and session I/O to ensure a secure environment as well as user accountability.
By providing selective access to root's power, PowerBroker may enable system administrators, database administrators, engineers, application developers, and help desk operators to perform their jobs without introducing security risks. PowerBroker is designed to maintain system integrity by ensuring that root password is not revealed. Granular privilege delegation enables administrators to restrict access to specific system commands as well as third-party applications, directories and files. Administrators may be able to use PowerBroker's C-like scripting language to create comprehensive policies to govern privilege assignment.
To ensure a secure environment and provide clear user accountability, PowerBroker provides an audit trail. It aims to extend native Unix logging capabilities by centrally capturing each system's events, requests, and complete user sessions by keystroke. PowerBroker provides both event logs and I/O logs; a new browser-based GUI enables administrators to view both logs. Log files may be queried, and specified data may be extracted and viewed. For additional protection, "forbidden keystroke" sequences may be designated and systems secured before potential damage occurs.
PowerBroker should further increase system security by encrypting network traffic as well as policy and configuration files and logs. PowerBroker supports SSL, providing additional encryption and authentication for organizations for which security is a priority. PowerBroker also supports Kerberos version 5. PowerBroker should be configurable on both sides of a packet-filtering firewall, and its client/server architecture ensures fault tolerance for continual availability.
"Today, with more and more corporations building their extensive information technology infrastructures upon various flavors and versions of Unix, the challenges of using native Unix solutions to administer privileges across such complex environments become prohibitive," said Bob Sommers, chairman and co-CEO of Symark. "PowerBroker bridges this gap, offering granular control of root account privileges while protecting the root password. With support for an expansive range of Unix systems-all without requiring modifications to the Unix kernel -- PowerBroker is a single, central tool for managing authorization across heterogeneous environments."
PowerBroker supports Unix platforms from Sun, HP, IBM, Digital, Compaq, SGI, Motorola, Linux, Sequent, SCO, and vednors. Version 3.0 introduces support for AIX 5, Solaris 9, Debian Linux, and IBM S390 Linux.