Implementing Least-Privilege Security Management in Complex Linux and UNIX Environments
Source: Reed Elsevier
o Virtually all government and private security regulations, such as Sarbanes-Oxley and the Payment Card Industry's Data Security Standard, have a few common requirements: that access to sensitive data and servers be granted only to those whose job function requires it, and that those individuals are granted only the privileges they need to perform their duties. The presenters will examine the real-world challenges around tying entitlements to individuals instead of to root or generic accounts. The presenters will also explain why existing tools such as sudo fall short in delivering enterprise-class security and manageability.