GRC (Governance, Risk and Compliance)
2 | Update configuration file for change password request workflow | Iraje | 03rd May, 2023 | Closed
The above is the MOM (minutes of meeting) for the review that took place last month (March 2023).
GRC Report: Why do we need it?
The main purpose of this report is to cover the following:
OS patching summary (table columns: Server, Role, Status, Installed Version, Latest Available Version)
License usage summary (chart, values as extracted):
Users: Entitled 250, Enabled 250, Used 250, Available 0
Connections (licences): Entitled 2700, Used 2236, Remaining 464
Type of Auth:
• Used: 250
• i-Auth: 2
• AD: 248
i-Auth User Risk:
• Local Authentication
• The default password expiry policy enabled for i-Auth users is 30 days
• Account lockout policy is unavailable for i-Auth
Password reuse is one of the main reasons why passwords have been questioned as an effective measure to guarantee protection
against intrusion into accounts and systems.
This practice is extremely risky because it allows a malicious agent to gain access to numerous accounts with a single string of characters,
steal confidential and valuable data, and additionally extort an ordinary user.
This type of problem can be especially devastating for organizations, which handle a variety of information every day and may
face legal proceedings if they do not comply with legislation such as the LGPD, which determines how the personal data of
their customers, employees, and suppliers must be handled.
Please note: The above graph shows a graphical representation of password enforcement from PAM for April 2023.
Management Comment:
Manage Hidden Devices: this capability helps you find out connection types. Iraje PAM provides in-depth IAM information
for privileged IDs. Below is the status of users and devices integrated with PAM.
Risks:
• 185 non-PAM devices at high risk *
• High risk on default ports: SSH, RDP, TELNET and HTTP *
As per the non-usage data from PAM, approx. 4% of the users have not logged in for more than 120 days.
The above chart displays the list of users who have logged into PAM within the last 120 days. We have also observed that around
8 users have never logged into PAM. The attached Excel sheet lists the users who have not logged into PAM.
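The dormant-user check behind this section, written out as an added example (not code from the report or from Iraje PAM): it reads a constructed CSV export of users and last-login dates, buckets each user as active, dormant (no login for more than 120 days) or never logged in, and produces the headline percentage. The export format, user names and dates are assumptions made for the example.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample export of PAM users and their last login date
# (ISO format; an empty field means the user has never logged into PAM).
# Names and dates are made up for this example.
SAMPLE_EXPORT = """\
username,last_login
alice,2023-04-28
bob,2023-01-02
carol,
dave,2023-04-01
erin,2022-11-15
frank,
"""


def parse_export(text):
    """Parse the CSV export into (username, last_login_or_None) tuples."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        raw = (row.get("last_login") or "").strip()
        last_login = date.fromisoformat(raw) if raw else None
        rows.append((row["username"].strip(), last_login))
    return rows


def classify_dormant(users, as_of, threshold_days=120):
    """Split users into active, dormant (last login strictly more than
    threshold_days before as_of) and never (no login recorded).
    Each list is sorted by user name."""
    cutoff = as_of - timedelta(days=threshold_days)
    buckets = {"active": [], "dormant": [], "never": []}
    for name, last_login in users:
        if last_login is None:
            buckets["never"].append(name)
        elif last_login < cutoff:
            buckets["dormant"].append(name)
        else:
            buckets["active"].append(name)
    for names in buckets.values():
        names.sort()
    return buckets


def dormancy_summary(text, as_of, threshold_days=120):
    """Headline numbers for the report: how many users are inactive
    (dormant or never logged in) and what share of the user base that is."""
    users = parse_export(text)
    buckets = classify_dormant(users, as_of, threshold_days)
    inactive = len(buckets["dormant"]) + len(buckets["never"])
    total = len(users)
    pct = round(100.0 * inactive / total, 1) if total else 0.0
    return {"total": total, "inactive": inactive, "inactive_pct": pct, **buckets}


if __name__ == "__main__":
    summary = dormancy_summary(SAMPLE_EXPORT, as_of=date(2023, 4, 30))
    print(f"{summary['inactive']} of {summary['total']} users "
          f"({summary['inactive_pct']}%) inactive for more than 120 days")
    print("never logged in:", ", ".join(summary["never"]))
    print("dormant:", ", ".join(summary["dormant"]))
```

Never-logged-in users are kept in their own bucket rather than folded into "dormant", because the two populations usually need different follow-up: a never-used account is a provisioning question, a dormant one is a deprovisioning question.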
AD Nomenclature Risk:
Default IDs are one of the major contributing factors to large-scale security compromises. Attackers can easily identify and access
internet-connected devices that use shared default passwords. It is imperative to change default manufacturer user IDs and
passwords and restrict network access to critical and important systems only.
To ensure you are protected from these vulnerabilities, you need to ensure your devices are not using default user names or
passwords. Refer to the OEM manual that came with your product or device, or visit the manufacturer's support website, for
instructions on changing this information.
The above graph shows the list of target IDs integrated in PAM.
Management Comment:
Target User Non-Compliance Summary
Target server admin IDs non-compliance
• The admin IDs which are not integrated with the application are at risk.
• Users with privileged accounts have access to an enterprise's most critical systems. Not only do these accounts have the
highest clearance levels, but they also manage and regulate smaller accounts with fewer privileges.
• Since there is no centralized management for these IDs, policy enforcement is inconsistent, which can be just as
bad as having no policies at all.
• There is also a lack of monitoring for these privileged IDs and insecure password management, which can lead to
cyberattacks through compromised passwords.
Please note: The above scan is performed on a sample basis on the Windows group.
Target User Non-Compliance Summary (Graphical)
Device IP Address | Admin Configured in PAM | Admin Not Configured in PAM
172.25.1.158 | ROOT |
172.25.1.159 | ROOT |
172.25.1.160 | ROOT |
172.25.1.161 | ROOT |
172.25.1.162 | ROOT |
172.25.1.163 | ROOT |
172.25.1.164 | ROOT |
172.25.1.165 | ROOT |
172.25.130.39 | ROOT | appadmin, sysadmin, user
172.25.130.40 | ROOT | se
172.25.181.83 | ROOT |
172.25.181.84 | ROOT |
172.25.181.85 | ROOT |
172.25.131.127 | ROOT |
172.25.131.128 | ROOT |
172.25.131.129 | ROOT |
172.25.131.130 | ROOT |
172.25.131.131 | ROOT |
172.25.131.132 | ROOT |
172.25.131.199 | ROOT |
172.25.131.208 | ROOT |
172.25.131.238 | IRADM1, IRAJADM, ROOT |
172.25.131.239 | ROOT |
172.25.131.245 | ROOT |
172.25.131.246 | ROOT |
172.25.131.247 | ROOT |
172.25.131.248 | ROOT |
172.25.131.249 | ROOT |
172.25.131.250 | ROOT |
172.25.131.251 | ROOT |
172.25.131.252 | ROOT |
172.25.132.143 | ROOT | ciscosda
Please note: The above scan is performed on a sample basis on the Linux group.
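The reconciliation that produces a table like the one above, written as an added example (not code from the report or from Iraje PAM): for each host it compares the admin-capable accounts a scan found against the accounts vaulted in PAM, and reports managed, unmanaged and stale accounts plus an overall coverage figure. The host IPs are taken from the report; the account sets, the stale host 172.25.9.9 and the data layout are assumptions made for the example.

```python
# Constructed scan data modelled on the Linux sample table in this report:
# host IP -> admin-capable accounts found on the host by the scan.
# The IPs appear in the report; the account sets are assumed for the example.
DISCOVERED_ADMINS = {
    "172.25.1.158": {"root"},
    "172.25.130.39": {"root", "appadmin", "sysadmin", "user"},
    "172.25.131.238": {"iradm1", "irajadm", "root"},
    "172.25.132.143": {"root", "ciscosda"},
}

# host IP -> accounts currently vaulted in PAM (assumed for the example).
# 172.25.9.9 is a deliberately stale entry: vaulted, but not seen by the scan.
VAULTED_ADMINS = {
    "172.25.1.158": {"ROOT"},
    "172.25.130.39": {"ROOT"},
    "172.25.131.238": {"IRADM1", "IRAJADM", "ROOT"},
    "172.25.132.143": {"ROOT"},
    "172.25.9.9": {"ROOT"},
}


def normalize(accounts):
    """PAM and OS scans often differ in case (ROOT vs root); compare lower-cased."""
    return {a.strip().lower() for a in accounts}


def reconcile(discovered, vaulted):
    """Per host, split admin accounts into managed (found and vaulted),
    unmanaged (found on the host but not vaulted) and stale (vaulted but
    no longer present on the host). Hosts seen by only one side are included."""
    report = {}
    for host in sorted(set(discovered) | set(vaulted)):
        found = normalize(discovered.get(host, ()))
        managed = normalize(vaulted.get(host, ()))
        report[host] = {
            "managed": sorted(found & managed),
            "unmanaged": sorted(found - managed),
            "stale": sorted(managed - found),
        }
    return report


def coverage(report):
    """Headline figures: share of discovered admin accounts under PAM control,
    hosts with unmanaged admins, and hosts with stale vault entries."""
    total = sum(len(r["managed"]) + len(r["unmanaged"]) for r in report.values())
    managed = sum(len(r["managed"]) for r in report.values())
    return {
        "accounts_discovered": total,
        "accounts_managed": managed,
        "coverage_pct": round(100.0 * managed / total, 1) if total else 0.0,
        "noncompliant_hosts": sorted(h for h, r in report.items() if r["unmanaged"]),
        "stale_hosts": sorted(h for h, r in report.items() if r["stale"]),
    }


if __name__ == "__main__":
    rep = reconcile(DISCOVERED_ADMINS, VAULTED_ADMINS)
    print("Device IP Address | Admin Configured in PAM | Admin Not Configured in PAM")
    for host, r in rep.items():
        print(f"{host} | {', '.join(r['managed'])} | {', '.join(r['unmanaged'])}")
    print(coverage(rep))
```

The stale bucket is the check the page's table does not show: an account that is still vaulted after it has been removed from the host is a sign the inventory and the vault have drifted apart, and it is usually the first place a rotation job starts failing silently.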
Management Comment:
SOD (Segregation of Duty) Conflict Summary
An SoD conflict is a situation where one role in an organization has permissions spanning more than one area of access.
The PAM Trend Analysis report covers privileged users and connections, tracking, collecting and analysing their activity to build user
behaviour patterns.
Apart from monitoring, this integration offers detailed reports about privileged users, resources, access levels, and
their usage patterns, along with a comprehensive history of past operations performed by users.
The list of Alerts & Notifications configured and their status is given below.
Phase 0
GRC:
• No PAM vault.
• No centralized inventory of all assets in the environment.
• No easy way to report on user access permission and privileges.
• No easy way to reconcile who has access to what, who did what, and who approved access.
• Failed audits
PA:
• Managing administration for Windows servers using Domain Admin Group membership.
• Managing local accounts on each Unix/Linux system and editing local /etc/sudoers files.
• Users are often admins of their own workstations.
IAM:
• No centralized access controls.
• Identity management is not centralized.
• Admins access using local admin accounts.
• Hard to tell who has access and what privileges they have.
Product & Process:
• Products: PAM Vault - Secret Server; Bastion Service - Remote Access Service; Connection Manager (optional)
• Integrations: SIEM
• Process Changes: PAM Vault Training; Remote Access Training; IWAR Enablement; I-URA Enablement
PAM Matrix Index
Model:
• GRC (Governance, Risk and Compliance): AU - Audit & Accountability; CM - Config Management; RA, SA - Risk & Security Assessment; SI - System & Info Integrity; SC - System & Communications Protection
• PA (Privileged Administration): specific controls from AC - Access Control; CM - Configuration Management; MA - Maintenance; SP
• IAM (Identity and Access Management): AC - Access Control; IA - Identity & Authentication
• Product & Process
Phase I
GRC:
• Establish an accurate inventory of administrative privileged accounts and passwords.
• Classify credentials and secrets
• Discover and vault local administrative accounts.
• Establish a secure administrative environment for both local and remote sessions.
• Establish initial privileged access workflow.
PA:
• Vault and automate periodic rotation for all administrative accounts.
• Vault Active Directory and Azure privileged accounts and manage privileged account Groups.
• Enforce Alternative Admin and MFA for remote access.
IAM:
• Enforce MFA for access to vault, including secret check out and remote session initiation.
• Establish Alternative Admin accounts to prevent using public identities.
Product & Process:
• Products: Server PAM - Server & Cloud Suite; Workstation PAM - Privilege Manager; DevOps Secrets Vault
• Integrations: ITSM for change control, trouble tickets; SIEM
• Process Changes: Privilege Elevation training; Third-party access training; IWAR Enablement; I-URA Enablement
Phase II
GRC:
• Discover, classify, and manage local accounts, servers, Groups, roles, and security configuration files that might grant privileges across all assets.
• Implement real-time session monitoring and security access control policies for endpoints.
• Enforce host-based session, file, and process auditing with integration to SIEM.
• Integration with ITSM to drive access control request workflows tied to help desk tickets.
PA:
• Establish basic privilege elevation policies for all endpoints (workstations and servers).
• Establish just-in-time, just-enough privileges.
• Vault Linux and local administrative credentials (passwords and SSH keys).
• Expand remote access control to vendors and contractors without creating AD accounts.
• Automate privilege security in DevOps workflows and tooling.
IAM:
• Enforce Multi-Factor Authentication at endpoints for direct log-in and privilege elevation.
• Eliminate local accounts via identity consolidation for Unix and Linux.
• Remove hardcoded credentials and config data from applications and scripts.
Product & Process:
• Products: Privilege Behaviour Analytics; Account Lifecycle Manager
• Integrations: IGA; SIEM & EUBA
• Process Changes: App Developer Security Training; Automate security and compliance; IWAR Enablement; I-URA Enablement
Phase III
GRC:
• Integrate with Identity Governance and Administration (IGA) tools for attestation reporting and risk-based approvals.
• Leverage audit data, machine-learning, behavioural analytics, and automation to detect, track, and alert to any threats.
• Integrate with User and Entity Behaviour Analytics tools (UEBA).
• Discover and classify service accounts. Implement service account discovery, provisioning, and governance across identity and cloud service providers.
• Harden operating systems and application components.
PA / IAM:
• Establish more granular policies for privilege elevation.
• Automate onboarding of new managed assets.
• Ensure all connections required for privileged operations must be mutually authenticated with cryptographic credentials.
• Increase MFA from NIST Authenticator Assurance Level 1 (authenticating with an ID and password) to NIST Authenticator Assurance Level 2 (AAL2). AAL2 has more identity assurance due to the presence of a second factor.
• Restrict privileged access to registered and company-owned endpoints.
• Prohibit privileged access by any client system that isn't known, authenticated, properly secured, and trusted.
• Require dual authorization for privileged operations on critical or sensitive systems.
Thank You.