Hitachi ID Systems, Inc.

Audit Trails

Background

No security process is perfect. Given enough time, enough systems and a sufficiently large user population, some security compromise is likely to happen. Password management, and authentication processes in general, are no exception to this rule.

To mitigate the business risk of a security compromise in an authentication process, it is important to introduce audit trails. Audit trails record all security transactions, and allow the organization to follow up on what actually happened after a suspicious event takes place.

Audit trails can be combined with real-time alerts, for example using e-mail, instant messaging or telephony / text messaging, to trigger rapid investigation and automatic system defences, such as intruder lockouts.

Audit trails are a core responsibility of a password management system. Events such as authentication attempts and failures, successful and failed user enrollments, successful and failed password updates and more should all be logged, and should all be able to trigger real-time alerts.

P-Synch® Logging

Over 163 events, including authentication success and failure, intruder lockouts and security change requests and approvals, for both users and administrators, are logged by P-Synch.

All log data is directed to an internal database table (a session log), which includes time, date, event type, target system ID, requester user ID, recipient user ID, administrator ID (if any), results and any error messages.

Logging data is maintained indefinitely. It is accessible directly in the database table (xBase file / DBF format), can be exported in CSV format, and can be accessed using any ODBC-compliant tool on the P-Synch server itself.

Every logged event can also trigger "external systems notification." Binary integration programs are provided to propagate event data to Remedy ARS, Peregrine ServiceCenter, various other call tracking systems, ODBC databases and e-mail (via SMTP).

Events can also trigger execution of a program on the P-Synch server, which could interface with an infrastructure management system using SNMP traps, for example.

All logged data is available both using a web-based reporting system built into P-Synch and using direct access to log data by an authorized P-Synch administrator.
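The following added example (not P-Synch code, and not from the vendor) shows how a CSV export of the session log could be reviewed for bursts of failed authentications, the kind of condition that would warrant a real-time alert or intruder lockout. The column names, event-type strings, sample rows and the function name `find_auth_failure_bursts` are assumptions made for illustration; the actual export layout is not shown on this page.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export. Column names and values are assumptions that
# mirror the session-log fields listed above, not the real P-Synch layout.
SAMPLE_CSV = """date,time,event_type,target_system,requester,recipient,admin,result,error
2004-03-01,09:00:05,AUTH,AD01,jsmith,jsmith,,FAIL,bad password
2004-03-01,09:00:20,AUTH,AD01,jsmith,jsmith,,FAIL,bad password
2004-03-01,09:00:41,AUTH,AD01,jsmith,jsmith,,FAIL,bad password
2004-03-01,09:01:10,AUTH,AD01,mjones,mjones,,OK,
2004-03-01,09:30:00,AUTH,AD01,mjones,mjones,,FAIL,bad password
2004-03-01,11:00:00,AUTH,AD01,mjones,mjones,,FAIL,bad password
2004-03-01,11:05:00,PWD_RESET,AD01,helpdesk1,jsmith,helpdesk1,OK,
"""

def find_auth_failure_bursts(csv_text, threshold=3, window=timedelta(minutes=5)):
    """Return one alert per burst of >= threshold failed authentications by
    the same requester within a sliding window. Rows must be in time order."""
    recent = defaultdict(deque)  # requester -> timestamps of recent failures
    alerts = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["event_type"] != "AUTH" or row["result"] != "FAIL":
            continue
        ts = datetime.strptime(f'{row["date"]} {row["time"]}', "%Y-%m-%d %H:%M:%S")
        q = recent[row["requester"]]
        q.append(ts)
        # Discard failures that have aged out of the window.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"user": row["requester"], "system": row["target_system"],
                           "count": len(q), "first": q[0], "last": ts})
            q.clear()  # start counting afresh so each burst alerts once
    return alerts

if __name__ == "__main__":
    for a in find_auth_failure_bursts(SAMPLE_CSV):
        print(f'ALERT {a["user"]}@{a["system"]}: {a["count"]} failed logins '
              f'between {a["first"]} and {a["last"]}')
```

Failures spread over a long period (the `mjones` rows) stay below the default threshold, while the three `jsmith` failures within 36 seconds raise a single alert.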