Recent high profile cyberattacks have highlighted the importance of having strong standards and features built into infrastructure monitoring and management tools. Microsoft System Center Operations Manager (SCOM) offers world class monitoring capabilities and includes powerful built-in security features.
Our increased focus on customers security concerns have led us to include enhancements to many security related features in recent SCOM update rollups. We know that organizations have strict controls and best practices and we want to ensure that our customers have the right tools to prevent attacks and gain peace of mind. Here are some of SCOM’s security offerings.
A new addition to SCOM 2019 was increasing out of the box security configuration through support for group managed service accounts (gMSA).Group Managed Service Accounts (gMSA) has been a very popular capability because it alleviates the need for password management – now all accounts used in SCOM can be gMSA. A detailed guide on how to configure gMSA accounts in lieu of your existing SCOM accounts is provided here.
Another important best practice is to disable interactive and remote interactive sessions for service accounts. SCOM 2019 supports hardening of service accounts and does not require granting the “Allow log on locally” user right for several accounts. The default configuration on SCOM 2019 Management Servers, Gateways, and Agents, is that service accounts and RunAs accounts will now leverage the “Log on as a Service” user right, and no longer require the “Log on locally” user right.
An additional security feature in SCOM is that Run As account credentials can only be distributed to computers that you specify. Automatically distributing Run As account according to discovery could introduce a security risk, which is why an automatic distribution option is not included in Operations Manager.
Authentication in Operations Manager
SCOM implements a default set of authentication protocols, including Kerberos, NTLM, Transport Layer Security/Secure Sockets Layer (TLS/SSL) as part of an extensible architecture. In addition, some protocols are combined into authentication packages such as Negotiate and the Credential Security Support Provider. These protocols and packages enable authentication of users, computers, and that in turn ensures access to resources in a secure manner.
SCOM also mandates a least privileged model for its security account matrix. The least privileged model is a best practice in IT security and the concept is that any user, service, or process should have only the bare minimum privileges necessary to execute the required task. Mandating this principle reduces the risk of attackers gaining access to sensitive data by compromising low level user accounts or devices.
Auditing in Operations Manager
We recently introduced Management pack change tracking, a feature that allows enhanced audit tracking capabilities in SCOM. Management Packs are essentially the arteries of SCOM that help the core of SCOM function well. They include monitoring configurations and data collection parameters tailored for specific applications and services. Management packs are released by both Microsoft and third-party vendors for a range of tools and applications that need to be monitored in the customer’s landscape.
SCOM allows to be defined giving access rights to perform actions on the monitored objects. These roles can be defined to determine who can potentially change monitoring settings for applications and services through Management Packs. A profile is defined on a group of users which impose Role-based security and limit privileges that users have for various aspects of Operations Manager. The change tracking feature allows the administrators to do an easy root cause analysis as and when required to keep track of what changes are being done by which user and when.
Security is built-into SCOM
To help customers deploy the latest security protocols, we enable Transport Layer Security (TLS) protocol version 1.2 for System Center Operations Manager management groups. In support of our commitment to use best-in-class encryption, SCOM’s engineering team is continually upgrading our cryptographic infrastructure. Customers can configure the Web console and Reporting server to use Secure Sockets Layer (SSL) connections to ensure that both incoming requests and outbound responses are encrypted prior to transmission.
System Center Operations Manager provides layers of protection built into the product to safeguard against security breaches. SCOM follows Microsoft’s Software Development Lifecycle(SDL) policy , which considers security and privacy throughout all phases of the development process. The SCOM team uses Microsoft approved SDL tools like BinSkim, CredScan, Codesign Validation, and Anti malware to perform security checks for each line of code they produce. In addition to these tools and to add further protection, our code is also encrypted with Secure Hash Algorithm 2 (SHA-2).
We are very proud to offer a product like System Center Operations Manager, one that continues to support evolving industry security needs and strives to keep our customers safe and productive.