Iraje Command Controller manual version 7.5
Introduction
Iraje PAM provides a Command Controller module. Command Controller restricts and controls what privileged users may execute through defined rules: commands typed in a privileged session are filtered against those rules, so that access to target systems is secure, authorized and controlled. The solution minimizes the risk surface by giving granular control over the commands that data controllers and data processors can run on which systems.
Purpose
Command Controller has several advantages:
- Control: Command Controller helps PAM admins restrict commands so that what is executed stays within the organization's policy.
- Monitor: PAM admins can monitor the organization's critical assets and see which users attempt to execute restricted commands.
- Access level: Command Controller can restrict commands at different levels (group, connection or user).
- Security: Users are limited to the commands they are eligible to run, which keeps the environment safe and secure.
Target Audience
Admins Using Iraje PAM | Auditors | Information Security Team
Classification of Command Controller
Iraje PAM provides three classifications of Command Controller:
At Group Level
Command Controller at group level restricts or allows commands for an entire group. This saves time and effort when the group consists of connections for which the same commands need to be restricted or allowed.
At Connection Level
Command Controller at connection level restricts or allows commands for a specific connection. It covers special requirements where certain commands need to be restricted or allowed for a single connection only.
At User Level
Command Controller at user level restricts or allows commands for a specific user configured in the PAM solution. This level gives complete control over individual users and supports monitoring of them, which in turn keeps the environment secure.
Operating Procedure for Command Controller
Step 1: Enter Username and Password, select Domain and Authentication method and click on Sign-In
Step 2: Click on 'Access Control Manager'
Step 3: Click on 'Directory Access'
Step 4: Select the 'Group' name and click on 'Connect'
Step 5: Click on 'Access Control Master'
Step 6: Enter search conditions as required, i.e. IP, Username, Type, Envelop, and click 'Retrieve Connections'
Step 7: After the connections are retrieved, select the connection and click 'OK'
Step 8: Right click on the 'connection' and click on 'Command Controller'
Step 9: The Command Controller window pops up; enter the required details
Step 10: For Command Controller at group level, specify the command pattern and whether it should be Restrict or Allow
Step 11: For Command Controller at connection level, specify the command pattern and whether it should be Restrict or Allow
Step 12: For Command Controller at user level, specify the command pattern and whether it should be Restrict or Allow
Step 13: Click on 'Regex Test' to verify that the pattern matches the intended commands (and only those), then click 'OK'
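The following is an added example, not Iraje's code and not a description of how the product evaluates rules internally. It models the procedure above in working code: Restrict/Allow rules configured at group, connection and user level, a command line checked against them, the check that the 'Regex Test' step exists for, and the audit record a blocked attempt produces. The rule names, the sample policy, the precedence (user-level rules checked before connection-level, then group-level, first match wins) and the default of allowing an unmatched command are all assumptions made for the illustration.

```python
"""Illustrative model of command-controller rule evaluation (added example, not Iraje code)."""
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Assumed precedence: the most specific level is consulted first.
LEVEL_ORDER = ("user", "connection", "group")


@dataclass(frozen=True)
class Rule:
    level: str    # "user", "connection" or "group"
    target: str   # the user, connection or group the rule is configured on
    pattern: str  # regular expression, matched with re.search against the command line
    action: str   # "Restrict" or "Allow"


@dataclass(frozen=True)
class Session:
    user: str
    connection: str
    group: str


def regex_test(pattern, samples):
    """The 'Regex Test' check: compile the pattern and report which sample commands it matches.

    A malformed pattern raises re.error, which is the failure the button should surface
    before the rule is saved.
    """
    compiled = re.compile(pattern)
    return {s: compiled.search(s) is not None for s in samples}


def evaluate(command, session, rules):
    """Return (allowed, deciding_rule).

    Rules are checked level by level in LEVEL_ORDER, only those configured on the
    session's own user/connection/group apply, and the first match decides.
    A command matching no rule is allowed (assumption).
    """
    for level in LEVEL_ORDER:
        scope = getattr(session, level)
        for rule in rules:
            if rule.level == level and rule.target == scope and re.search(rule.pattern, command):
                return rule.action == "Allow", rule
    return True, None


def audit_record(command, session, allowed, rule):
    """One audit-trail entry of the kind the restricted-command reports are built from."""
    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "user": session.user,
        "connection": session.connection,
        "group": session.group,
        "command": command,
        "allowed": allowed,
        "level": rule.level if rule else None,
        "pattern": rule.pattern if rule else None,
    }


# Constructed sample policy; none of these names come from the manual.
RULES = [
    Rule("group", "linux-prod", r"^\s*(rm|shred)\b", "Restrict"),
    Rule("connection", "db01", r"^\s*systemctl\s+(stop|restart)\s+postgresql\b", "Restrict"),
    Rule("user", "dba-ops", r"^\s*systemctl\s+restart\s+postgresql\b", "Allow"),
    Rule("user", "contractor", r"^\s*sudo\b", "Restrict"),
]

ALICE = Session("alice", "db01", "linux-prod")
DBA = Session("dba-ops", "db01", "linux-prod")
CONTRACTOR = Session("contractor", "db01", "linux-prod")

if __name__ == "__main__":
    # Regex Test: an unanchored 'rm' also hits rmdir and any word containing "rm".
    samples = ["rm -rf /tmp/x", "rmdir /tmp/x", "apt install gnome-terminal"]
    print(regex_test(r"rm", samples))
    print(regex_test(r"^\s*(rm|shred)\b", samples))
    for sess, cmd in [
        (ALICE, "rm -rf /var/log/old"),
        (ALICE, "systemctl restart postgresql"),
        (DBA, "systemctl restart postgresql"),
        (CONTRACTOR, "sudo rm -rf /tmp/x"),
        (ALICE, "sudo rm -rf /tmp/x"),  # anchored group rule does not see 'sudo rm'
    ]:
        allowed, rule = evaluate(cmd, sess, RULES)
        print(audit_record(cmd, sess, allowed, rule))
```

The last sample in the script is the caveat a practitioner should carry into the 'Regex Test' step: a Restrict pattern anchored to the start of the line blocks `rm ...` but not `sudo rm ...`, `/bin/rm ...` or the same binary reached through an alias or a subshell. Test the pattern against those bypass forms as well as the command you intend to block, and prefer a separate rule (or an Allow list) over trying to enumerate every spelling in one regex.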
User Experience when a User executes restricted commands
Group Level:
An error is shown when the user tries to execute a command restricted for the group the connection belongs to
Connection Level:
An error is shown when the user tries to execute a command restricted for that connection
User Level:
An error is shown when the user tries to execute a command restricted for that user
Command Controller Reports
An audit trail (also called an audit log) is a security-relevant chronological record, set of records, and/or destination and source of records that provides documentary evidence of the sequence of activities that affected a specific operation, procedure or event at any time.
Restricted Command Executed
The Restricted Command Executed report gives the details of the restricted commands that users attempted to run from the command line.
Command Restricted Report – By Group
The Command Restricted by Group report gives the details of the commands restricted at group level.
Command Restricted Report – By Connection
The Command Restricted by Connection report gives the details of the commands restricted at connection level.
Command Restricted Report – By User
The Command Restricted by User report gives the details of the commands restricted at user level.