On October 13th, speakers Jeff Crume, IBM Distinguished Engineer and IT Security Architect, IBM World Wide Tivoli Tiger Team and Jim Goddard, Business Development Executive, IBM Internet Security Systems addressed issues around Mitigating insider threats through proactive identity management
We've excerpted the following questions and answers from the live Q&A segment of this Jam.
1. What if I need authentication that is stronger than the userids/passwords?
Both Tivoli Access Manager for e-business and Tivoli Access Manager for Enterprise Single Sign-On support second factor authentication mechanisms such as smart cards, one time password tokens and biometrics.
2. How does the security logging work to ensure collection and analysis is done in a forensically sound manner?
One of the most important aspects of log analysis is to ensure that any analysis does not occur on the original log file. Tivoli Compliance Insight Manager does that by archiving the original log file thereby not contaminating the event source. This is something often overlooked with custom code.
3. If a user's SSO password is compromised, are all his applications now accessible via that account and password?
It is likely that users are already using one password for all their accounts in order to minimize the complexity of password management so this risk already exits. However, another option to minimize the risk is to use a second factor to strengthen authentication.
4. What are some of the ways to recertify access?
Tivoli Identity Manager comes with pre-built workflows to perform a recertification of all users for a given service. You can configure the actions to take such as deactivate or mark only if a user or manager does not recertify the account.
5. Was What kind of PII (personally identifiable information) is stored within the Identity Access Management (IAM) solution?
Whether information is considered PII must be judged at a local level based on regulations and policy. However, some elements the personnel feed will include might be name, country and address. It is a best practice to not include sensitive information in the feed such as social security numbers.
6. What about authentication of a user who logs in from multiple systems at multiple locations?
In some cases this behavior may be desirable but if this is not the case, Tivoli Access Manager for e-business has a Session Management Service which can be configured to restrict simultaneous logins.
7. Does TIM work with Domino Servers?
Yes. Tivoli Identity Manager also supports provisioning email accounts on Microsoft Exchange as well as many other IBM and non-IBM applications, data bases, operating systems, etc.
8. Is there a Best Practices Guide available for customers to use as a roadmap for planning a security deployment?
IBM Redbooks are an excellent source of practical information on best practices for configuring, customizing and implementing Tivoli security solutions. The full set of documents can be found at www.redbooks.ibm.com or an informal listing of Tivoli security-related content can be found at extranet.lotus.com/crume.
You can access the replay, podcast and PDF slides by registering here: http://ow.ly/vrjx
About ISM Jams
IBM Service Management Jams are weekly webcasts that address the hottest service management topics on a variety of levels from technological thought leadership to product tips and tricks. Jams air Tuesdays at noon EST, are available on-demand within 24 hours and are accessible for one year. ISM Jams are led by Wendy Whalen, ISM Jams Program Manager, Tivoli.