Privileged Access Management (PAM)


Privileged access management (PAM) refers to policies, procedures, and technical controls to prevent the malicious abuse of privileged accounts by internal threat actors and to mitigate risks from weak configuration control over authorizations.

  • the controls identify and document privileged accounts
    • a privileged account is one that can make significant configuration changes to a host
      • e.g., installing software or disabling a firewall
      • or one that has rights to log on to network appliances and application servers
    • the controls also give visibility into how privileged accounts are used and manage the credentials used to access them
    • privileged accounts demand the greatest care in credential management
      • must use strong passwords and ideally multifactor authentication (MFA) or passwordless authentication
  • e.g., PAM products:
    • BeyondTrust
    • Centrify
    • CyberArk

General Principles of PAM

  • least privilege
    • means that a user is granted sufficient rights to perform their job and no more
    • authorization creep
      • refers to a situation where a user acquires more and more rights
        • either directly or by being added to security groups and roles
    • should be ensured by
      • closely analyzing business workflows to assess what privileges are required
      • performing regular account audits
  • separation of duties
    • is a means of establishing checks and balances against the possibility that critical systems or procedures can be compromised by insider threats
    • duties and responsibilities should be divided among individuals to prevent ethical conflicts or abuse of powers

Zero Standing Privileges

  • Traditional administrator accounts have standing permissions
  • Just-in-time (JIT) permissions
    • means that an account’s elevated privileges are not assigned at log-in
    • permissions must be explicitly requested and are only granted for a limited period
    • referred to as zero standing privileges (ZSP)
  • three models for implementing ZSP:
    • Temporary Elevation
      • account gains administrative rights for a limited period
      • e.g.,
        • User Account Control (UAC) feature of Windows
        • sudo command in Linux
    • Password Vaulting/Brokering
      • privileged account must be “checked out” from a repository and is made available for a limited amount of time
      • administrator must log a justification for using the privileges
      • Approval of the request could be:
        • automated via system-enforced policies
        • or require manual intervention
          • providing a measure of M of N control
      • provides
        • better accounting oversight than temporary elevation
        • better protection against compromise of privileged credentials
    • Ephemeral Credentials
      • system generates or enables an account to use to perform the administrative task and then destroys or disables it once the task has been performed
      • Temporary or ephemeral membership of security groups or roles can serve a similar purpose
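The password vaulting/brokering model above, as an added illustration that is not part of the original notes and not any vendor's product: a minimal in-memory broker in which a privileged account is checked out with a logged justification, approved by M of N designated approvers (a requester cannot approve their own request), granted for a limited period, and then expires. Account and user names and the seconds-based clock are constructed for the example.

```python
import time
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Checkout:
    account: str
    requester: str
    justification: str
    approvers: set = field(default_factory=set)
    granted_until: Optional[float] = None   # epoch seconds; None = not yet granted


class PrivilegeBroker:
    """Vault-style broker: a privileged account is checked out on request,
    approved by M of N designated approvers, granted for a limited period,
    and expires automatically. Every step is recorded for accounting."""

    def __init__(self, approvers, m_required, lease_seconds, clock=time.time):
        self.approvers = set(approvers)      # the N eligible approvers
        self.m = m_required                  # the M approvals required
        self.lease = lease_seconds           # how long a checkout stays valid
        self.clock = clock                   # injectable so tests can control time
        self.audit = []                      # accounting trail for oversight
        self.requests = {}

    def request(self, req_id, account, requester, justification):
        # the administrator must log a justification for using the privileges
        if not justification.strip():
            raise ValueError("a justification must be logged")
        self.requests[req_id] = Checkout(account, requester, justification)
        self.audit.append((self.clock(), "request", req_id, requester, justification))

    def approve(self, req_id, approver):
        req = self.requests[req_id]
        # only designated approvers count, and nobody may approve their own request
        if approver not in self.approvers or approver == req.requester:
            raise PermissionError(f"{approver} may not approve {req_id}")
        req.approvers.add(approver)
        self.audit.append((self.clock(), "approve", req_id, approver, None))
        if req.granted_until is None and len(req.approvers) >= self.m:
            req.granted_until = self.clock() + self.lease   # time-limited grant
            self.audit.append((self.clock(), "grant", req_id, req.account, req.granted_until))

    def is_active(self, req_id):
        """True only while a granted checkout has not yet expired."""
        req = self.requests[req_id]
        return req.granted_until is not None and self.clock() < req.granted_until
```

Once the lease runs out `is_active` returns False without any revocation step, which is the property that distinguishes this model from an account with standing privileges.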

Info

  • good idea to restrict the number of administrative accounts as much as possible
  • The more accounts there are, the more likely it is that one of them will be compromised
  • do not want administrators to share accounts or to use default accounts
    • as that compromises accountability

Info

To protect privileged account credentials, it is important not to sign in on untrusted workstations.
A secure administrative workstation (SAW) is a computer with a very low attack surface, running the minimum possible set of apps.