Overview
Appliance-based - Quick deployment – No agents
to install on managed systems.
Granular Password Control - Control password
release by user/group, system, and date/time.
Password Security - Automatic, random password
resets with definable password composition rules.
Detailed Logs and Reports - Show that audit
and regulatory compliance practices are met.
Optional "Approver" Authorization - Can require
management approval prior to password release
for additional security.
Broad Platform Support - Windows, UNIX, Linux,
AS/400, Active Directory, databases, firewalls,
and routers/switches.
Symark PowerKeeper® is a hardened appliance that creates and secures privileged accounts through automated password management, encryption, secure storage of credentials, and a sealed operating system. Its highly configurable security features let you customize the product to fit your heterogeneous IT environment and compliance requirements. For additional reliability, all encryption in PowerKeeper is provided by commercially supported, FIPS 140-2 validated software. Only PowerKeeper can deliver the level of security and reliability that organizations need to satisfy compliance, auditing, operational, and internal risk-management requirements.
Privileged (or administrative) passwords are pervasive in any organization. More numerous than personal passwords, they are used to access virtually every device, every operating system and every application. These “keys to the kingdom” grant access to programs and files containing sensitive data. If they are not properly protected and managed, they represent a significant security and compliance risk to the organization.
But privileged passwords are difficult to manage. They are often shared among individuals, lost or forgotten, left as default passwords, not regularly maintained, and not protected from misuse. This results in high administration costs and lower productivity. Ignoring this reality creates unacceptable security risks, and also violates government regulations (like SOX, HIPAA, and GLBA) and industry standards (like PCI DSS and Basel II). Compliance with these regulations and standards requires the creation of a secure access-control infrastructure and adherence to security best practices. Symark PowerKeeper provides a simple to implement, straight forward solution to these problems and closes these security risks while helping you demonstrate and meet compliance requirements.
A user requests a password through PowerKeeper, “checks out” the password (which may require a manager’s approval) and uses it to log in to a privileged account. Similarly, an application requests a password and PowerKeeper authenticates the application against the approved program factors. If authenticated, PowerKeeper checks out a one-time password to the application. In either case, PowerKeeper can rotate the password after it is “checked in” or after a pre-determined time. All requests and password activity is logged by PowerKeeper.
Securing Privileged Accounts
Hardened appliance running Windows 2003
Web Server.
No direct access to the OS.
Windows software firewall with IPSEC support
prevents hacking.
FIPS 140-2 validated components for all
encryption
EncryptionPlus Hard Disk AES 256-bit encryption
for whole disk encryption
Crypto API for Windows Server 2003.
SSH Tectia Server for command line interface.
PKZIP for password and document encryption.
Passwords are signed in storage with an
X.509v3 certificate.
Inbound connections are only through HTTPS
and SSH.
Uses the most secure encryption supported
by the managed system
LDAP & Active Directory support for single-factor
authentication.
Support for additional two-factor authentication
with tokens (RSA, Secure Computing).
Password Management
User-configurable, automatic password reset
schedule.
Optional “Dual Control” to meet compliance
requirements for release and approval of
passwords.
Parameters are definable for password aging,
automated changes after password requests
are completed, and scheduled changes by
day/date/time.
Passwords are randomly generated based on
administrator-defined composition rule sets:
Length, Alphanumeric characters, Case, Special
characters (punctuation, etc.)
Password access may be restricted by day/date/time.
Windows password changes made using native
RPC calls.
Password Change Agent for secure automated
root password resets via SSH.
Serves as a fire call box by storing critical
passwords such as root.
Performance, Reliability, Manageability
Hardware and software are integrated and
pre-configured into a single device.
Agentless technology for rapid deployment.
Powerful, intuitive web-based administration.
Consolidation of users into groups and the
creation of aliases.
Integrated SQL technology for fast searching.
Performance monitoring for enhanced reliability.
High Availability pairing ideal for global
deployments.
One appliance can support thousands of systems.
Automated patch management of appliance
software upgrades.
Fault tolerance configurations available.
Disaster Recovery options with automated
backup for fast swap over to backup appliances
Logs and Reports for Audits and Regulatory Compliance
All actions taken on or by PowerKeeper are
logged.
Complete record to demonstrate compliance.
Logs cannot be changed by anyone.
Logs cannot be changed by anyone.
Activity Reports – events, I/O logs.
User Reports – entitlement (privileges/rights
of each role/user), administrator activity,
requestor activity.
Password Reports – password inventory, update
activity, update schedule, testing activity
Automated patch management of appliance
software upgrades.
Reports exportable in CSV or HTML format.
Administrator and auditors can subscribe
to reports.
Supported Platforms
UNIX: Solaris, AIX, HP-UX (trusted and untrusted), Tru64*, UnixWare*
Linux: Red Hat*, SuSE
Mid-range: IBM AS/400, DB2*
Windows: 2000, 2003, XP and Media Center*,
Active Directory, NT*, NT4*, NT Domains, Vista*
Databases: Oracle, Microsoft SQL, Sybase, MySQL*
Firewalls: CheckPoint, CyberGuard, Cisco PIX, NetScreen, Nokia IPSO
BlueCoat SGOS devices
Cisco routers and switches, TACACS*
IBM z/OS and RACF
Other: BoKS*, Fujita RSB*, HP iLO, ProxySG*, Radius*, VMware, Symark PowerPassword
* Please contact us for more information
Privileged Password Management - Administrator Password Reset - Administrative Passwords - Change Administrator Password
Screenshots
PowerKeeper GUI
PowerKeeper GUI
Add/Modify Managed System
List Managed Accounts
User Information
User Entitlement
A2A Programs
