Privileged accounts essentially involve significant information security risks: compromising of privileged access to the system might lead to severe financial and reputational loss of the company. However, the administrative accounts are routinely protected with password authentication, which is obviously disadvantageous: passwords can be mined or passed to another person without proper authorization. Also, passwords have to be changed promptly when an employee is dismissed. Such problems with administrative access pose a significant threat to the company security. It is necessary to use special Privileged Access Management class solutions to eliminate this risk. The first step to the problem solution is implementation of automatic management for passwords of privileged accounts.


Task description

The tasks of password management for privileged accounts can be formulated as follows:

  • Passwords should be hidden from the employees. In other words, there should be an opportunity to grant an administrative access to the system without revealing the password itself.
  • Passwords should be automatically changed to a randomly generated values on a regular basis. This allows to increase the security level and alleviate the risks of using the password in explicit form.
  • There must be an opportunity to grant access rights granularly and to revoke those at any moment. There must be an opportunity to grant an administrative access to explicitly defined servers only.


Solution

To solve the mentioned tasks, the Indeed Privileged Access Manager (Indeed PAM) software suite is used. The suite stores privileged accounts centrally and manages them.

Indeed Privileged Access Management has the following features.

Password Management Functions

  • Granting an administrative access (or session) without revealing the privileged account password
  • Regular change of passwords for privileged accounts
  • An opportunity to grant administrative access to the defined resources (servers) only.

Supported account types

  • Microsoft Active Directory
  • Windows OS accounts
  • Linux OS accounts (passwords and SSH-keys)
  • Accounts for access to networking hardware

Search for privileged accounts

The Indeed PAM contains a module that searches for privileged accounts, registers those in the system and prompts to get those under control.

Regular automatic change of passwords for privileged accounts

The Indeed PAM regularly changes the passwords of privileged accounts to a random value, complying with the requirements to both the complexity of passwords and the interval between password changes.

General architecture scheme of Indeed PAM to solve the password management task is given below.