Securing Privileged Accounts with Hitachi ID Privileged Access Manager

Click here to load reader

  • date post

    27-Jan-2015
  • Category

    Technology

  • view

    109
  • download

    4

Embed Size (px)

description

Privileged Access Manager is a system for securing access to privileged accounts. It works by regularly randomizing privileged passwords on workstations, servers, network devices and applications. Random passwords are encrypted and stored on at least two replicated vaults. Access to privileged accounts may be disclosed: • To IT staff, after they have authenticated and their requests have been authorized. • To applications, replacing embedded passwords. • To Windows workstations and servers, which need them to start services. Password changes and access disclosure are closely controlled and audited, to satisfy policy and regulatory requirements.

Transcript of Securing Privileged Accounts with Hitachi ID Privileged Access Manager

  • 1. Securing Privileged Accounts with Hitachi ID Privileged Access Manager 2014 Hitachi ID Systems, Inc. All rights reserved.

2. Privileged Access Manager is a system for securing access to privileged accounts. It works by regularly randomizing privileged passwords on workstations, servers, network devices and applications. Random passwords are encrypted and stored on at least two replicated credential vaults. Access to privileged accounts may be disclosed: To IT staff, after they have authenticated and their requests have been authorized. To applications, replacing embedded passwords. To Windows workstations and servers, which need them to start services. Password changes and access disclosure are closely controlled and audited, to satisfy policy and regulatory requirements. Contents 1 Privileged Access Management 1 2 Technical Challenges 2 3 Functional Requirements 3 4 Randomizing Privileged Passwords 4 5 Access Disclosure 5 5.1 Frequent Users: Access Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 5.2 Occasional Users: Workow Approval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 5.3 Concurrency Controls Checkin/Checkout . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 5.4 Alternatives to Password Disclosure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 5.5 API for Progammatic Access Disclosure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 5.6 Updates to Service Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 6 Strong Authentication 12 7 Auditing and Regulatory Compliance 13 8 Hitachi ID Privileged Access Manager Architecture 14 8.1 Network Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 8.2 Push and Pull Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 8.3 Hitachi ID Privileged Access Manager Host Platform . . . . . . . . . . . . . . . . . . . . . . 15 8.4 Supported Target System Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 i 3. Securing Privileged Accounts With Privileged Access Manager 1 Privileged Access Management In a typical enterprise-scale organization there are thousands of servers, workstations and network devices. Normally, there is a single, shared administrator password for every type of device. For example, one password may be used for each workstation of a given type or for every server with a given conguration. This is convenient for data center and desktop support staff: if they need to perform maintenance or an upgrade on a workstation or server, they know how to log in. Such static and well-known privileged passwords create both operational challenges and security problems: When administrator login IDs are shared by multiple IT users, there is no audit log mapping adminis- trative changes to individual IT staff. If an administrator makes a change to a system that causes a malfunction, it can be difcult to determine who caused the problem. When the same privileged account and password exists on many systems, it is hard to coordinate password changes. As a result, privileged passwords are rarely changed and are often known to ex-employees. Hitachi ID Privileged Access Manager secures privileged accounts on an enterprise scale: It periodically randomizes every privileged password. Users must sign into Privileged Access Manager when they need to use a privileged account. Multi- factor authentication can be required. Privileged Access Manager launches login sessions on behalf of users, without displaying passwords single sign-on. Logins to privileged user accounts can be recorded, including screen capture and keyboard logging. This creates strong accountability and forensic audit trails. 2014 Hitachi ID Systems, Inc.. All rights reserved. 1 4. Securing Privileged Accounts With Hitachi ID Privileged Access Manager 2 Technical Challenges The obvious solution to the security vulnerability of static and shared privileged passwords is to change these passwords so that each one is unique and changes regularly. Doing this can be technically challeng- ing, however: There are thousands of privileged passwords: Clearly automation is required to manage them. There are passwords on many kinds of systems: The automation must include many integrations, with different kinds of systems (Windows, Unix, SAP, mainframe, Oracle, etc.). The majority of privileged passwords are on PCs and laptops. Workstation passwords present special challenges: Workstations may be powered down. Workstations may be disconnected from the network. Workstations may not be reachable from a central data center because they are behind rewalls. Connectivity to servers. Servers may not be up 100% of the time. Servers may not be reachable from a single data center network segment. Specically, they may be on different network segments, blocked off from the password management system by one or more rewalls. Secure, reliable storage. Once automation is implemented to regularly change passwords, technical challenges regarding their storage must be addressed. The password storage system must: Be secure. An insecure storage system, if compromised, would allow an intruder to gain admin- istrative access to every device in the IT infrastructure. Be reliable. A disk crash or facility interruption affecting the password storage system would make every administrator ID unavailable. Include ne-grained access controls. Only the right administrators should get access to the right passwords, after proving their identity. Log access disclosure. Access to privileged accounts must be logged, to create accountability. 2014 Hitachi ID Systems, Inc.. All rights reserved. 2 5. Securing Privileged Accounts With Hitachi ID Privileged Access Manager 3 Functional Requirements A privileged access management system needs a set of well-integrated features to function: 1. It must randomize passwords regularly sensitive passwords should be unique and short-lived. 2. It must be able to disclose passwords to or inject passwords into sessions on behalf of appropriate users and software agents, but only under the right circumstances: (a) To IT staff, if they have been assigned appropriate access rights. (b) To IT staff who have not been assigned permanent access rights, but have been granted one- time permission. (c) To programs that start services (Windows Service Control Manager, Scheduler, IIS and others) so that they can start services after a password change. (d) To applications, to replace embedded passwords in programs and scripts. 3. Both a static access control model and a dynamic authorization workow are required. 4. The system must log both password updates and disclosure. Failed updates can be used to identify infrastructure problems while logs of access disclosure create accountability. 5. The system should be able to control concurrent disclosure of a given password for example to limit the number of people concurrently able to manage a server. 2014 Hitachi ID Systems, Inc.. All rights reserved. 3 6. Securing Privileged Accounts With Privileged Access Manager 4 Randomizing Privileged Passwords Hitachi ID Privileged Access Manager secures sensitive passwords by periodically randomizing them: 1. On push-mode servers and applications: (a) Periodically for example, every night between 3AM and 4AM. (b) When users check passwords back in, after they are nished using them. (c) When users request a specic password value. (d) In the event of an urgent termination of a system administrator. 2. On pull-mode laptops and similarly congured devices: (a) Periodically for example, every day. (b) At a random time-of-day, to prevent transaction bursts. (c) Opportunistically, whenever network connectivity happens to be available from the workstation to a central server. Privileged Access Manager can enforce multiple password policies. There is a global password policy as well as sets of password rules in each managed system policy. Password policies specify the complexity of both randomly chosen and manually selected passwords. In addition to mandating character types (lowercase, uppercase, digits, punctuation), the policy can specify minimum and maximum password lengths, prohibit the use of dictionary words, etc. These features are relevant to manually-chosen passwords. 2014 Hitachi ID Systems, Inc.. All rights reserved. 4 7. Securing Privileged Accounts With Privileged Access Manager 5 Access Disclosure Hitachi ID Privileged Access Manager is designed to not only randomize and securely store privileged passwords, but also to connect users and programs to privileged accounts after appropriate authentication and authorization. It includes the following access disclosure capabilities: 1. To users, via a web interface, subject to access control policy. 2. To users who do not have pre-authorized access rights, after approval. 3. To applications, in order to replace embedded passwords, using an API (application programming interface) where applications authenticate using an OTP (one time password) and may only connect from a pre-dened range of IP addresses. 4. To service launching programs, such as the Windows Service Control Manager, by writing new pass- word values to the appropriate locations after a successful password change. Note that all disclosure is subject to SSL encryption, strong, personal authentication, access controls or workow approval and audit logs. 5.1 Frequent Users: Access Controls The most common form of access control in the Hitachi ID Privileged Access Manager is based on managed system policies. These policies are named collections of managed systems containing privileged accounts whose passwords may be randomized and access to which is controlled. Managed systems may either be attached to a policy explicitly (e.g., attach workstation WKSTN01234 to