Using Likewise Enterprise to Comply with the PCI Data Security Standard

You have a mixed network of Unix, Linux, Mac OS X, and Windows computers, and you’ve got to bring your environment into compliance with the Payment Card Industry Data Security Standard, the set of security requirements for businesses that process credit card information. The standard requires that you authenticate individual users and strictly control access to customer data. If you don’t comply by a set date, or if you have a security breach, your company faces hefty fines from Visa, MasterCard, and American Express. They might even suspend your ability to accept payment cards.

Likewise helps overcome the challenges of complying with the PCI data security standard by integrating Linux, Unix, and Mac OS X computers into Active Directory. Joining non-Windows computers to an Active Directory domain immediately yields the benefit of providing a centralized identity management system, giving you the power to manage all your users' identities in one place, use the highly secure Kerberos 5 protocol to authenticate users in the same way on all your systems, apply granular access controls to sensitive resources, and centrally administer Linux, Unix, Mac, and Windows computers with group policies.

One User, One ID

Requirement 8 of the PCI DSS is to assign a unique ID to each person with computer access. By using Likewise with Active Directory, you can easily do just that – for both Windows users and Linux and Unix users. Active Directory makes ID management simple: one ID, one user. Likewise extends that functionality to Linux, Unix, and Mac OS X users. With one unique ID provisioned and centrally managed through Active Directory, a user can log on to Windows, Unix, Linux, and Mac OS X computers with an encrypted password that is securely authenticated against the Active Directory database. What's more, you can assign each user a unique ID in Active Directory while maintaining your NIS domain user information. When you migrate Linux and Unix users from NIS domains to Active Directory, Likewise uses cells to preserve the user information in your NIS domains. A cell provides a custom mapping of a unique and identifiable Active Directory user to that user's UIDs and GIDs.

Granular Access Control

Requirement 7 of the PCI DSS is to restrict access to cardholder data by business need-to-know. With Likewise and Active Directory, you can use your pre-existing UIDs to control access to cardholder data at a granular level. In fact, Likewise allows all users that are provisioned in Active Directory to access resources on Unix and Linux hosts. Unix and Linux permission settings for users and groups are defined by UIDs and GIDs. In Active Directory, on the other hand, a security identifier (SID) uniquely identifies a user, group, or computer. Likewise overcomes this mismatch by mapping SIDs to UIDs and primary GIDs and storing the information in the Program Data node of the Active Directory database. By mapping SIDs to UIDs and GIDs, Likewise makes Active Directory’s granular access control available to Unix, Linux, and Mac OS X computers, users, and groups.
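As an added illustration, not Likewise's own code or its mapping algorithm, the following Python sketches the kind of SID-to-UID mapping the paragraph above describes: it validates the textual SID format, rejects SIDs that do not belong to the expected domain (built-in or foreign-domain SIDs must never be mapped silently), derives a UID from the relative identifier, and enforces "one user, one ID" by refusing collisions. The domain SID, account names, and the base/span of the UID range are constructed example values.

```python
import re

# Constructed example domain SID (not real directory data).
DOMAIN_SID = "S-1-5-21-1004336348-1177238915-682003330"

# Textual SID: S-1-<authority>-<sub-authority>[-<sub-authority>...]
SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")


def parse_sid(sid):
    """Split a textual SID into (identifier authority, list of sub-authorities)."""
    if not SID_RE.match(sid):
        raise ValueError("malformed SID: %r" % sid)
    parts = sid.split("-")
    return int(parts[2]), [int(p) for p in parts[3:]]


def rid_of(sid, domain_sid):
    """Return the relative identifier (last sub-authority) of a SID that
    belongs to domain_sid; refuse anything else, e.g. S-1-5-32-544."""
    parse_sid(sid)
    prefix, _, rid = sid.rpartition("-")
    if prefix != domain_sid:
        raise ValueError("SID %s is not in domain %s" % (sid, domain_sid))
    return int(rid)


def sid_to_uid(sid, domain_sid, base=10000, span=100000):
    """Hypothetical deterministic mapping: UID = base + RID, confined to a
    reserved range so it cannot overlap local /etc/passwd accounts."""
    rid = rid_of(sid, domain_sid)
    if rid >= span:
        raise ValueError("RID %d outside the reserved UID span" % rid)
    return base + rid


def build_uid_map(entries, domain_sid):
    """entries: iterable of (account name, SID). Returns {name: uid} and
    raises if two accounts would share a UID (Requirement 8: one ID per user)."""
    owner_of_uid = {}
    uid_map = {}
    for name, sid in entries:
        uid = sid_to_uid(sid, domain_sid)
        if uid in owner_of_uid:
            raise ValueError("UID %d claimed by both %s and %s"
                             % (uid, owner_of_uid[uid], name))
        owner_of_uid[uid] = name
        uid_map[name] = uid
    return uid_map
```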

Group Policies

Requirement 2 of the PCI DSS is to not use vendor-supplied defaults for system passwords and other security parameters. With Likewise, you can centrally manage the security settings on non-Windows systems by using the Group Policy Object Editor or the Group Policy Management Console to create group policies and then apply them to computers running Linux, Unix, and Mac OS X. Likewise comes with more than 100 group policies for Linux, Unix, and Mac OS X computers, including policies for setting security parameters. Likewise applies group policies to Linux and Unix systems in the same way that Active Directory applies group policies to Windows systems.

Likewise group policies can also be used to help comply with Requirement 10, which is to track and monitor all access to network resources and cardholder data. For example, one of Requirement 10's subrequirements is that you "establish a process for linking all access to system components (especially access done with administrative privileges such as root) to each individual user." Likewise includes a group policy for the sudo configuration file. The policy can specify which users can run which commands as root, eliminating the need for users to log on as root to run commands.

More Information

For a detailed description of Likewise Enterprise's feature support for the PCI DSS requirements, see the following whitepaper:

Using Likewise to Comply with PCI Data Security Standards

Learn more about compliance by visiting the web page:

Using Likewise to Improve Compliance with Sarbanes-Oxley