
Accounts – Part 1

Agenda

By the end of this session, you will be able to:

• Add an Account via the PVWA
• Understand the different password management operations

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


Overview



1 Review/Edit Master Policy
• Business/audit rules for managing passwords
• Global policy settings

2 Create Platforms
• Technical settings for managing passwords
• Basis for exceptions

3 Add exceptions to Master Policy based on Platforms
• Exceptions to Master Policy rules

4 Create Safes
• Access control

5 Add Accounts
• Individual objects containing the required information (address, username, password, etc.) to manage privileged accounts



Accounts – The actual privileged account IDs and passwords
• Stored in Safes
• Examples include:
  – Domain administrators
  – Local administrators
  – Root accounts
  – Service accounts
  – And more
• Every account resides in a single Safe
• Every account is associated with a single Target Account Platform

Add An Account



Master Policy:
• Change passwords every 60 days

Platform: LIN SSH 30
• Password length should be 10 characters long
• Master Policy Exception: Change password every 30 days

Safe: Lin-Fin-US
• Members of the “LinuxAdmins” Team group will have “Use and list” permissions

Account:
• Username: logon01
• Password: ******
• Address: 10.0.0.20

• So, we have “created” an account. But what does that mean?
• Did we create a new account called “logon01” on that target system?
• No. All we have done is register information in the CyberArk PAM database about an account named logon01. Technically speaking, that account does not even need to exist for us to do what we just did (although it does in our example).
• Once the account is “created” in CyberArk PAM, we need to make sure that we have entered the information correctly and that CyberArk PAM can actually communicate with the target machine.

Account Management Operations

In this section we will discuss the account management operations performed by the CPM.



The CPM manages passwords and SSH keys on devices based on the policies set by Vault Administrators.

[Diagram: Policy, Central Policy Manager, IT Environment, with sample generated passwords]

System     User            Pass
Unix       root            tops3cr3t
Oracle     SYS             tops3cr3t
Windows    Administrator   tops3cr3t
z/OS       DB2ADMIN        tops3cr3t
Cisco      enable          tops3cr3t



There are three actions performed by the CPM in order to manage privileged accounts:

1 Password Verification:
Confirms the password stored in the Vault matches the password on the target system

2 Password Change:
Changes the password automatically based upon an expiration period or by user intervention

3 Reconciliation of unknown or lost passwords:
Process used when the password stored in the Vault does not match the target system

[Sequence diagram between Vault, CPM and Target]

• Scan Vault for Account
• Account Info & Current Passwords
• Login using current credentials
• Success or failure
• Notify the Vault

[Sequence diagram between Vault, CPM and Target]

• Scan Vault for Account
• Account Info & Current Passwords
• Login using current credentials
• Success or failure
• Connect & run change password
• Generate Password
• Success or failure
• Login using new credentials
• Success or failure
• Store new credentials
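
The verification and change sequences above, modelled as an added example (not CyberArk code and not part of the original slides). The `vault` dictionary, the `Target` class, the status strings and the choice to generate the new password before running the change are assumptions made for illustration; the account values are constructed from the logon01 example.

```python
import secrets
import string

# Character set for generated passwords (assumed; the page only fixes the length).
ALPHABET = string.ascii_letters + string.digits + "$%+"

class Target:
    """Hypothetical stand-in for a target system: username -> real password."""
    def __init__(self, users):
        self.users = dict(users)

    def login(self, user, password):
        return secrets.compare_digest(self.users.get(user, ""), password)

    def change_password(self, user, old, new):
        if not self.login(user, old):
            return False
        self.users[user] = new
        return True

def generate_password(length=10):
    # Platform rule from the page: password length should be 10 characters.
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def verify(vault, target, user):
    """Verification: log in with the stored password, then notify the Vault."""
    ok = target.login(user, vault[user]["password"])
    vault[user]["status"] = "verified" if ok else "needs_reconcile"
    return ok

def change(vault, target, user):
    """Change: verify, run the change, log in with the new password, store it."""
    if not verify(vault, target, user):
        return False                     # Vault copy is stale, nothing is changed
    old, new = vault[user]["password"], generate_password()
    if not target.change_password(user, old, new):
        vault[user]["status"] = "change_failed"
        return False
    if not target.login(user, new):      # confirm before overwriting the Vault copy
        vault[user]["status"] = "needs_reconcile"
        return False
    vault[user].update(password=new, status="changed")
    return True

if __name__ == "__main__":
    # Constructed sample account; the password is a made-up value.
    vault = {"logon01": {"address": "10.0.0.20", "password": "Old-Passw0rd"}}
    target = Target({"logon01": "Old-Passw0rd"})
    print(change(vault, target, "logon01"), vault["logon01"]["status"])
```

The stored password is only overwritten after the login with the new credentials succeeds, so a failed change never leaves the Vault holding a value the target does not accept.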

Summary

In this session we discussed:

• What accounts are
• How to add an account to CyberArk PAM via the PVWA
• The different password management operations



Additional Resources

Documentation:
• Rapid Risk Reduction: A 30-Day Sprint to Protect Privileged Credentials

You may now complete the following exercises:

Securing Windows Domain Accounts
• Account Management
  – Add the reconcile account
  – Add the accounts discovery account

Securing Unix SSH Accounts

Securing Oracle Database Accounts
