Case - 03047143


5/19/22, 7:18 PM Case: 03047143


Case Number
03047143

Contact Name
Kiranmayi Prattipati

Product
Privileged Access Manager (PAM, self-hosted)

Contact Email
kprattip@in.ibm.com

Component
Vault Server

Account Name
IBM Security Services - India (Alliance)

Functional Area
Security

Version
10.10

Description Information

Subject
Local Security Parameters of Vault Servers

Description
Hi,

Account name: AXA MSP Tenant of Kyndryl

We have a requirement from our client to perform manual health checks on OS level for Vault servers in our environment. We have validated the security checks as per the checks shared by client and found many of them are non-compliant. It means few of the security checks in Vaults do not match the agreed value as per client. Attaching the lists of OS level non-compliant security checks for your reference with this case.

Kindly advise or let us know if we can change the "Actual value" to "Agreed to value" as per the client keeping in mind that there should be no impact on Vault security layers.

Also, one application level security check is related to OSR logs artifacts in Vault servers. We get blank auditing entries while following the below path. Does this mean the OSR logs setting is disabled in Vault servers?

"C:\Windows then right click on system32 folder, select security tab, click on Advanced, select Auditing tab and then click in continue"

Please assist if we can enable the OSR logs setting inside Vault servers? Will there be an impact from this change setting? Do let us know the path location of OSR logs setting if any.

BR,

Shahbazuddin Shaikh

System Information

Date/Time Opened
13/05/2022 10:54

Priority
Moderate

Date/Time Closed

Status
Waiting Support Level 2

Case Origin
Web

Contact Phone
9740143754

How Long Closed

https://cyberark-customers.force.com/s/case/5002J00001YnrmXQAR/local-security-parameters-of-vault-servers 1/4
-Days

CASE COMMENTS


Kiranmayi Prattipati  •  19-May-2022 13:45:11

Hi Sudhakar,

You may proceed to close this case. Thanks once again.

BR,

Kiranmayi

Kiranmayi Prattipati  •  19-May-2022 13:44:08

As a result, I am proceeding with taking exceptions for attached additional security measures in order to avoid any discrepancies on vault level.

Kiranmayi Prattipati  •  19-May-2022 13:44:02

As a result, I am proceeding with taking exceptions for attached additional security measures in order to avoid any discrepancies on vault level.

Kiranmayi Prattipati  •  19-May-2022 13:41:39

Hi Sudhakar,

Thanks for your crucial input.

Best regards,

Kiranmayi Prattipati

sudpuja  •  19-May-2022 12:34:04

Hi Kiranmayi,

Thanks for the update. As you know, the CyberArk Vault is a secure component and all the hardening steps were performed according to CyberArk recommendations; the other security measures need not be applied for Vaults.

And the Vault component shouldn't be considered like a Windows machine, and moreover it is built with some security standards. So, other hardening measures are not required/can be exempted for vault machines.

In this case, the hardening measures outside of the CyberArk recommendations may impact the vault functionality/performance; please avoid applying the same for vault.

Please let me know if you have any queries.

Thank you,

Sudhakar Pujari

Kiranmayi Prattipati  •  19-May-2022 12:17:27

Hi Sudhakar,

We are not getting insisted by our customer to push additional security measures for vault servers as attached. Just let me know one line answer if this is actually recommended to
implement on vault servers or not. As far as I know, vault has its own set of GPO pushed during the hardening procedure in its installation steps. Making any further changes apart
from this would hamper security layers of vault in the background.

And I do understand moving outside of the CyberArk recommendation scope, requires involvement of CyberArk Security Services engineer which includes additional costs. And this
should be only in the case of emergency scenario wherein the business is getting impacted, am I correct?

So can I say that in case of normal scenario, it is not actually recommended to do any sort of unnecessary changes in security parameters of vault servers other than what is carried
out during hardening process?

BR,

Kiranmayi Prattipati

sudpuja  •  18-May-2022 13:44:02

Hello Kiranmayi,

Greetings of the day. CyberArk recommends and supports server hardening scope as described in our documentation (https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/Security/Security%20Fundamentals-Introduction.htm).

Additional security measures/hardenings may be applied in Vault and component servers (incl. PVWA and CPM) on top of CyberArk Hardening's supported scope - But we are not in the position to provide comprehensive answers as to what the impact on CyberArk products may be for each additional hardening / measure. These particular settings (GPO, UAC, etc.) were not tested or certified in any way, and may or may not cause different behaviors / impacts in different environments.

It is suggested that if you or your customer insist on applying hardening measures outside of the CyberArk recommendation scope, that you test these extensively in advance in a
development or testing environment prior to Production deployment. A CyberArk Security Services engineer may be able to assist you or your customer in this testing process,
please contact CyberArk Account Manager / Executive for additional information on this.

Please let me know if you have any queries.

Thank you,

Sudhakar Pujari

sudpuja  •  17-May-2022 11:06:08

Hello Kiranmayi,

Thank you for contacting CyberArk Enterprise Support, my name is Sudhakar Pujari and I will be assisting you on this case.

We are checking on the requested Case, and will come back with our findings.

Please don’t hesitate to email me back if you have any more questions.

Kind Regards,

Sudhakar Pujari

abarr  •  17-May-2022 06:03:47

Hello Kiranmayi.

Thank you for your time working on this issue. I am now transferring this case to the product specialist team for further review and handling. Once complete they will come back to
you with the next steps.

If you do need anything in the meantime please update the case or give us a call.

Thanks
Alejandro Barrantes.

Kiranmayi Prattipati  •  16-May-2022 04:08:00

Hi Alejandro,

1. What is the current business impact? (This helps us to make sure the case has the appropriate severity level)

Ans: This has the impact of external/Internal audit failure.

2. Has this worked before? (This allows us to determine if this is a break / fix case or a new implementation)

Ans: This is the first time we received a requirement from client to perform manual health checks on OS level for CyberArk vault servers.

3. What recent changes have been made in the environment before this occurred? (This question can be skipped if your case is merely a question or request for clarification)

Ans: NA

4. What was the date and time of occurrence? (This question can be skipped if your case is merely a question or request for clarification)

Ans: NA

5. If this is a technical issue can this be reproduced or is it intermittent? (This question can be skipped if your case is merely a question or request for clarification)

Ans: NA

6. Which users or group of users (if any) is affected? (This question can be skipped if your case is merely a question or request for clarification)

Ans: NA

7. Is there any additional information you would like to provide that may assist us in resolving the issue or answering the question?

Ans: I have already attached relevant files which includes security parameters on OS level and which are non-compliant (excel sheet value doesn't match with security values in vault
servers).

BR,

Kiranmayi

abarr  •  16-May-2022 03:36:16

Hello Kiranmayi,

Thank you for contacting CyberArk Technical Support. I am Alejandro and will be assisting you with this case.

To proceed, I would like to establish a clear understanding of the issue: according to the description your customer wants to know if they can change the "Actual value" to "Agreed to
value" as per the client keeping in mind that there should be no impact on Vault security layers.

"Also, one application level security check is related to OSR logs artifacts in Vault servers. We get blank auditing entries while following the below path. Does this mean the OSR logs setting is disabled in Vault servers?

"C:\Windows then right click on system32 folder, select security tab, click on Advanced, select Auditing tab and then click in continue"

Please assist if we can enable the OSR logs setting inside Vault servers? Will there be an impact from this change setting? Do let us know the path location of OSR logs setting if any."

Is this correct? If so

If my understanding is not correct, will you please provide detailed guidance?

Also, will you please answer:

1. What is the current business impact? (This helps us to make sure the case has the appropriate severity level)

2. Has this worked before? (This allows us to determine if this is a break / fix case or a new implementation)

3. What recent changes have been made in the environment before this occurred? (This question can be skipped if your case is merely a question or request for clarification)

4. What was the date and time of occurrence? (This question can be skipped if your case is merely a question or request for clarification)

5. If this is a technical issue can this be reproduced or is it intermittent? (This question can be skipped if your case is merely a question or request for clarification)

6. Which users or group of users (if any) is affected? (This question can be skipped if your case is merely a question or request for clarification)

7. Is there any additional information you would like to provide that may assist us in resolving the issue or answering the question?

Thank you,

Alejandro Barrantes.
