Dell World 2014
Enhanced Security and Compliance
with Dell Endpoint System ManagementBrandon Whitman, Sales EngineerAlejandro Vazquez, Software Technologist
Dell WorldUser Forum
Compliance?
A baseline for security
• Authoritative Documents– HIPAA– SOX– PCI– Etc.
• Process Compliance– ITIL
• Software Compliance– Licensing– Configuration
Dell World User Forum
Security?
How you become compliant
• Discovery– SCAP– OVAL– Inventory
• Action– Patching– Permissions– Processes
Dell World User Forum
ESM SolutionsEnd to end system management
• K1000 Management Appliance– Device Inventory– Software Catalog– Patching– Helpdesk– Vulnerability Assessment
• Desktop Authority Management Suite– Least Privilege Access– User Workspace Management
• Password Manager– Self Service Password Management
Dell World User Forum
Dell World 2014
What are SCAP and OVAL
SCAP
• Easy to use tool to ensure common endpoint configurations and confirm organizational compliance.
• Published and maintained by the National Institute of Standards and Technology (NIST) for Windows.
OVAL
• Comprehensive suite of tests to detect security vulnerabilities.
• Community based but primarily sponsored by DHS Office of Cyber Security.
• Reports offer recommended remediation steps.
Discover
Analyze
Secure
Dell World 2014
Why SCAP and OVAL?
SCAP
• Ensure systems are deployed at “Known Good” baseline.
• Meet FDCC Compliance and/or enable organizations to enforce their own configuration standards
OVAL
• Preventative maintenance to close vectors for malware infections
• Automate the task of finding vulnerabilities and configuration issues.
• Reports offer recommended remediation steps.
Discover
Analyze
Secure
Dell World 2014
How? Preventative Image Hardening
• Deploy with K2000
• Image is already compliant with company policies
• Easier to manage in the future.
• Prepare K1000 agent for imaging
• Run amptools.exe cloneprep=1
• Removes KUID
• Use SysprepCreator
• Capture with K2000
• Remediate per current policies
• Run additional scans
• Confirm compliance with current policies
• Install K1000 agent
• Run Benchmarks
• OS
• MS Office
• IE
• Analyze Results
• Compare to current policies
Scan Comply Capture Deploy
Dell World 2014
What is Desktop Authority Management Suite?
Desktop Authority Standard & Privilege Manager
• Toolset to enable administrators to proactively provision and manage the Windows user environment.
• Create a secure, consistent environment for each user
• Ensure applications run with only the privileges and access needed
• Targeted configurations and privileges to ensure a balance security with user productivity
Profiles
Privileges
Happy Users!
Dell World 2014
Why Desktop Authority Management Suite?
• Managing the user environment has always been difficult
• Built-in management tools, namely GPOs, can apply many settings, however, application can be cumbersome to configure
• Logon scripts are widely used and often embedded into GPOs
• Desktop Authority is simply easier to use than a collection of configuration tools.
• Happy IT Staff AND Happy Users!
• Complements Endpoint Management Solutions
Profiles
Privileges
Happy Users!
10
Dell - Restricted - Confidential
How to make Happy Users! (and Happy IT Staff)
Configuration and Management
• Validation Logic• Replace Logon Scripts• Customize Applications• Printer and Drive Mapping• Folder Redirection
Dynamic Security
• Validation Logic• USB Port Security• Group Policy Templates• Security Policies• Least Privilege Application
Access
Enhance Traditional Client Management
• Complete the User Workspace Configuration
• Complement Existing System Management Infrastructure
Power Management
• Validation Logic• Inactivity Monitoring• Power Schemes• Savings Calculator
Dell World 2014
What is Dell Password Manager?
• Self-service password reset tool with an end-user friendly interface
• Tool to allow IT to easily enforce stronger password policies and automate password change intervals
• Seamless integration with Windows and the K1000
• Increase data security by eliminating common intrusion vectors
Forgotten
Locked
Fixed
Dell World 2014
Why use Dell Password Manager?
• Reduce helpdesk and IT involvement
• Increase user productivity
• Eliminate the need for users to write down passwords
• Reduce the risk of data breach due to weak passwords
• Reduce lost productivity
Forgotten
Locked
Fixed
Dell World 2014
How?Familiar User InterfaceDell Password manager presents end users with an interface much like web commerce sites.
Dell Password Manager
Self-EnrollmentUsers enroll and choose from a list of security questions and provide their unique answers.
Self-ServiceWhen a user forgets their password, they simply answer their questions and can reset it without the need for IT intervention.
Dell World User Forum
All together now…
• Preventative Image Compliance
• Using SCAP and OVAL to secure the OS prior to Deployment with the K2000 Deployment Appliance
• Live System Auditing
• Using SCAP and OVAL on currently running systems
• Least Privilege Access
• Privilege Manager can allow legacy programs to run as Administrator while the user retains a lower privilege set
• User Workspace Management
• USB Port Security
• Prevent the need for end users to seek other methods to do their job.
• Password Manager
• Increase security and reduce cost
• Empower users
Dell World 2014
Thank you.
Dell World 2014
Reference
Dell World 2014
Helpful Links
• Unified Compliance– https://www.unifiedcompliance.com/
• Addressing HIPAA Challenges with KACE and SecureWorks– http://www.kace.com/~/media/Files/Resources/White-Papers/Addressing-HIPAA-Challenges-Dell-KACE-and-Dell-
SecureWorksoach.pdf
• Desktop Authority Licensing and FAQ– http://www.quest.com/docs/desktop-authority-management-suite-faq-24287.pdf
• Dell Password Manager Datasheet– http://www.quest.com/documents/password-manager-datasheet-3490.pdf
• The Privilege Management Conspiracy– https://software.dell.com/docs/the-privilege-management-conspiracy-whitepaper-7789.pdf
• Killing Administrator– https://software.dell.com/docs/WPW-KillingAdministrator-082212.pdf
• Six Ways to Extend and Expand Your Systems Management Capabilities to Your User Environment – http://software.dell.com/documents/six-ways-to-extend-and-expand-your-system-management-capabiltiies-to-
your-user-environment-whitepaper-27653.pdf
