Definitions: Remote Administration

Definition

Remote Administration covers many topics in data-center operation and desktop management. For example, the way applications are deployed affects budgets. Nick Sanna of Netuitive suggests applications better be accessible and perform well for users at all times. So, performance  monitoring is pretty important. However, the only monitoring tools that IT  managers seem to rely on these days are complaining customers. Such a tool is  an undependable alert system. As a result, most problems go undetected until it’s too late.

Business Applications

In fact, a recent survey by Gartner showed that 70 percent of IT managers have little or no confidence in their current systems-management tools. That’s because the traditional monitoring tools rely on manual guesswork  for setting monitoring thresholds and analyzing performance. It’s not just that automation can make these tools better—but that without it, they can never work well at all. Netuitive has a solution that adds automated analysis to already installed monitoring tools. This self-learning, performance-management software automates 90 percent of manual systems administration tasks and isolates root causes automatically.

While these solutions aren’t cheap, there is substantial ROI, sometimes in just a few months. Netuitive has a customer that had 10 full-time people dedicated to performance monitoring and was able to reduce this number to just one administrator after the software was deployed.

Administering user permissions

Privileged user accounts are the most powerful accounts defined within critical applications and the servers, operating systems and databases on which they run. These include, but are not limited to, generic accounts such as Administrator on Wintel platforms, Root on UNIX systems,Cisco  Enable, DBA passwords, and the hard-coded passwords found in application scripts throughout an enterprise.

These accounts provide wide-ranging access to the data  within the application/system, the ability to view/copy/modify this highly sensitive information, and even the ability to change the access rights to this  information. If the accounts are not properly managed and secured, with the  default passwords changed to a strong password, and under a trackable "change control" process/system, it leaves these critical  applications and the data they contain vulnerable to deliberate or inadvertent misuse, breaches and potential data theft.

Deployment Concerns

A company called NetSupport has released a new version of its NetSupport Manager that extends remote control, deployment and other services to 32-bit and 64-bit Vista environments.

Security Issues

An important question to ask remote-service providers revolves around the issue of security. Brian Anderson, vice president of  marketing for Axeda, a provider of secure  remote service and support capabilities, says that with security, he does an  annual security audit by VeriSign. That's something people should ask about—not only if a company says it's secure, but if it can prove it.

Technical Details

There are several common mistakes that are made when dealing with privileged user identities and passwords:

1) Not being aware of all of the default accounts on target machines, systems and applications.

2) Not changing the default passwords on all of the privileged user accounts on these targets.

3) Making these passwords easy to remember and/or generic across multiple systems.

4) Having the privileged identities/passwords written down or visible in publicly or easily accessible areas.

5) Trusting the IT team — i.e., allowing all system administrators to have access/know all administrative passwords.

6) Hard-coded passwords in test scripts, application scripts, et al.

In today's business environment, applications need to "log into and access" other applications constantly, such as, in  Cyber-Ark's Enterprise Password Vault. Here’s how control and auditing of the actions of authorized users is handled.

When the Enterprise Password Vault is implemented, there are several types of user created on the system. These include:

1) Vault Administrator Users, who have the ability to  add users to the Vault, create Safes in the Vault (the logical unit of  management within the Vault—Safes contain files and objects), run reports, set  access rights and do other administrative functions within the Vault.

2) Audit Users, who do not have the same abilities as the Vault Administrator to add  users, create Safes, etc, but have the ability to run reports and audit  accesses to the vault, individual Safes (of which they are a named audit "owner") and of the files within these Safes.

3) General Users, of which there are two types: Safe Owners and Safe Users. A Safe Owner has the ability to allow existing Vault users to have access to the Safes they own, and manage the information, rights and monitoring of those Safes.

Related Knowledge Network Content