Hardening Securden at the Application Level¶
Securden provides you with tools for secure access management right out of the box. We also recommend certain security best practices for you to follow and make your instance completely robust in nature. Some of the recommendations listed below should be veri˜ed from time to time.
Secure the local admin account¶
When you create the first user in PAM, it is a privileged local admin account that you can use when your domain is down. We recommend protecting this account with a very strong password. This password should be stored in a physical safe with limited access (there is no need to use this account except in emergencies where other accounts are not working if AD is down or for some other reason).
Review activity reports¶
It is a good practice to regularly review the activity and permissions reports. This can help find anomalies in system access. Use Event notifications or SIEM to notify of any security anomalies. Event notifications can be used to send email alerts on various events in the system, and Syslog can send PAM events to a SIEM tool for correlation. This might be used to notify administrators if there are failed login attempts or if certain credentials are viewed, and so on.
Limit the number of super-administrators¶
You can choose to completely eliminate the super administrator role from your organization. (Since the super administrator is used for break glass scenarios, if you choose to not have any super administrators, you will not be able to take a complete backup of all passwords for of°ine use.) You should decide whether you want to have the super administrator role in Securden.
If you want to keep the role, you can also limit the number of super administrators allowed. The recommended approach is to create one or two super administrators and then completely turn off further creation.
Navigate to Admin >> Customization >> Configurations to enable or disable creation of super admins.
Limited administrative access¶
Reducing the number of privileged accounts and/or the extent of their privileges reduces the overall attack surface. This is true both for the enterprise as a whole and for each solution implemented, including Securden PAM. The core principle of this control is that there should only be a few Securden administrators, and they should only possess limited privileges unless elevated through a strong approval process.
If you want to keep the role, you can also limit the number of super administrators allowed. The recommended approach is to create one or two super administrators and then completely turn off further creation.
- Eliminate unnecessary Securden PAM administrative accounts.
- Reduce privileges of Securden PAM administrative accounts.
- Restrict administrators to only access accounts either owned by them or shared with them. (enabled by default)
- Require privilege elevation (with dual control or ticketing system integration) for system configuration changes or to access credentials that the Securden PAM administrator does not have a valid reason to access otherwise.
- Use the audit trails section to closely monitor Securden administration
- Require multi-factor authentication for all avenues of administrative access.
Protect sensitive accounts and encryption keys¶
Like many applications, the Securden PAM has sensitive accounts and encryption keys. These sensitive accounts come in two forms: administrators and super administrators.
- Ensure that access to the administrator and super administrator credentials requires more than one individual.
- Consider storing the super administrator password in a physical safe.
- Store the encryption key in a secure location.
Have a robust disaster recovery plan¶
Having a disaster recovery plan that specifically takes into account your organization’s Securden PAM deployment, and periodically validating it will ensure that you can quickly recover your data and restore operations, in the unlikely event of a disaster.
A good disaster recovery plan begins with an assessment of the various risks, the likelihood of occurrence, and their impact. The disaster recovery plan needs to provide information about the physical infrastructure, key contacts, processes to access out-of-band credentials, and procedures to recover from likely and/or high-impact problems. Furthermore, it is important to ensure that Uni˜ed PAM is included and accounted for as a vital step in recovery as part of your general disaster recovery process, throughout the enterprise.
Login password requirements¶
Passwords that are used by local users to log in to Uni˜ed PAM can be strengthened by enforcing best practices such as requiring a minimum length and the use of various character sets. Configure the password complexity rules for local users to match the policies of your organization.
Multi-factor authentication¶
Users must authenticate to PAM at least once by using either local PAM credentials or their Active Directory credentials. However, as a contingency method for situations where the password gets compromised, you can protect yourself by enabling two-factor authentication (MFA) in PAM.
Role based access¶
PAM uses role-based access control, which allows administrative and user capabilities to be partitioned by these roles. This can allow for granular control over which areas of the application a user has access.
For example, granting someone the right to view reports in PAM, but no other administrative permissions otherwise.
Separation of duties¶
PAM administration workflows allow for the delegation of administrative functions to different users.
The workflows can also create a dual-control environment where important administrative functions could only be performed with the peer approval of other administrators.