PAM: Overview
Privileged access management (PAM) is the combination of tools and technology used to secure, control and monitor access to an organization’s critical information and resources. Subcategories of PAM include shared access password management, privileged session management and application access management.
What is Priviledged Access Management?
Privileged access management (PAM), a subdivision of Identity and Access Management (IAM), is a solution that provides organizations with better control and monitoring capabilities that decide who can have privileged access to critical assets, say, a computer or information system.
The solution should include the following functionalities:
Defining user roles Granting required privileges or access rights for the roles defined Distributing user information and access grants to all devices and systems that enforce access rights in organizations Monitoring privileged user activities and analyzing the same to detect anomalies
how does PAM work?
PAM primarily works by gathering the credentials of privileged accounts, also known as system administrator accounts, into a secure wallet or authenticator to isolate their use and log their activity. The separation is intended to lower the risk of admin credentials being stolen or misused.
Endpoint Management
Endpoint management in AuthNull revolves around ensuring secure access to various endpoints, be it servers, workstations, or other networked resources.
Setting Up Endpoints
To set up endpoints in AuthNull, users need to typically execute scripts - follow instuctions given separately for Windows and Linux endpoints.
Setup a Linux endpoint - video coming soon.
On linux - the process involves setting up a shell script. A video will be updated here soon.
Jump Server Creation
AuthNull provides a mechanism to create a jump server. This server acts as an intermediary for accessing other servers, enhancing security by preventing direct access to critical servers.
Linux only - LDAP 2-Factor Authentication
For those using LDAP (Lightweight Directory Access Protocol), AuthNull supports 2-factor authentication, adding an extra layer of security to the login process.
Linux only - Local 2-Factor Authentication
AuthNull also supports local 2-factor authentication for both SSH and password-based logins. This ensures that even if credentials are compromised, malicious actors cannot gain access without the second factor.
What happens when endpoints are integrated with AuthNull?
- Endpoint Registration: Before synchronization can occur, the endpoint must be registered within AuthNull. This involves installing the AuthNull agent on the endpoint and ensuring it can communicate with the AuthNull platform.
- Initial Synchronization: Once the endpoint is registered, AuthNull retrieves a list of all local users and groups from the endpoint. These users and groups are then imported into AuthNull, preserving their attributes and memberships.
- Ongoing Synchronization: After the initial synchronization, the AuthNull agent monitors the endpoint for any changes to local users or groups. Additions, modifications, and deletions are synchronized in real-time or at scheduled intervals, based on the configuration.
Managing Endpoints
AuthNull provides a comprehensive interface for managing endpoints. Admins can view, modify, and set policies for each endpoint, ensuring that access is always in line with organizational policies.
Credential Rotation
Security best practices recommend regularly changing credentials. AuthNull supports automated credential rotation, ensuring that passwords and SSH keys are changed at regular intervals. This minimizes the risk associated with compromised credentials.