Implementation Guide › Planning Your Enterprise Implementation › Deciding How to Protect
Deciding How to Protect
Before you install CA Access Control, decide what features of the software you want to use.
CA Access Control provides the following protection methods
- Native security using CA Access Control Endpoint Management to implement the security features that are already familiar to you.
- Advanced native security to guard against more sophisticated attacks. CA Access Control lets you:
- Limit the rights of privileged accounts
- Assign special privileges to ordinary users, such as the ability to change user passwords for special users
- Support multiple file systems including NTFS, FAT, and CDFS
- Centralize security policies and auditing across heterogeneous environment containing Windows and UNIX systems
- Advanced policy management to deploy multiple-rule policies (script files) you create for your enterprise. Using this policy-based method, you can create version-controlled policies, assign and unassign policies to host groups in your enterprise, directly deploy and remove deployed policies (undeploy), and view deployment status and deployment deviation.
- A Policy Model database (PMDB), which enables you to propagate a security database with users, groups, and access rules to a set of subscribers. The PMDB regularly propagates all the updates it receives to its subscribers. This mechanism eases the administrative burden on system administrators.
- Privileged User Password Management (PUPM), which provided you with role-based access management for privileged accounts on target endpoints from a central location. PUPM also provides secure storage of privileged accounts and application ID passwords, and controls access to privileged accounts and passwords based on policies.
- UNIX Authentication Broker (UNAB), which lets you validate the credentials of local UNIX users and groups against Active Directory. You use a single repository for all your users, letting them log in to all platforms with the same user name and password.
