Iraje PAM Unauthorized access manual for Linux devices version 7.5

Introduction

Unauthorized access in the datacentre is dangerous and risky for any organization. Even after a PAM solution is implemented, users have the habit or inclination to access devices directly, bypassing PAM. Such access not only bypasses security but also leaves no trace: when an incident happens, it is not possible to find the root cause, because the session was taken outside PAM and PAM has no audit trail of activities done outside it.

It is very important to find such bypasses and alert the security teams to them. These accesses are alerted on rather than blocked so that, in case of a disaster, there is still an opportunity to access the datacentre directly, although the access raises an alert.

Purpose

Train admins on how to use the Iraje PAM unauthorized access alerts on Linux/Unix/AIX/Sun Solaris devices. This manual will help admins get familiar with the Iraje PAM application and use it effectively in their environment.

Target Audience

Auditors, Risk Managers, IT Security Teams, Admins using PAM

Operating Procedure

Iraje PAM provides an agent-less solution for unauthorized access alerts on Linux devices.

Iraje PAM notifies Super or Group admin PAM users of the following activities:

  • If any user connects to any target server, with any privileged or local ID, from a source IP address other than the PAM server IP address

  • If the login is from outside the PAM source IP, the Iraje agent automatically raises an alert for the bypass ID

This feature helps to track logins made outside PAM and to avoid security risks by preventing users from accessing their servers in a non-monitored environment.
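The source-IP check described in the two bullets above, sketched as an added example over sshd log lines. This is not Iraje's implementation or code from the product; the PAM server address, host names and log lines are constructed for illustration, and the OpenSSH syslog line format is assumed.

```python
import ipaddress
import re

# Assumed value for illustration: the address PAM-brokered sessions come from.
PAM_SOURCES = [ipaddress.ip_network("192.0.2.10/32")]

# OpenSSH success line: "Accepted <method> for <user> from <ip> port <n> ssh2"
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"Accepted\s(?P<method>\S+)\sfor\s(?P<user>\S+)\sfrom\s(?P<src>\S+)\sport\s\d+"
)

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    "Mar 10 09:12:01 db01 sshd[2211]: Accepted password for root from 192.0.2.10 port 51122 ssh2",
    "Mar 10 09:15:44 db01 sshd[2290]: Accepted publickey for oracle from 198.51.100.23 port 40022 ssh2",
    "Mar 10 09:16:02 db01 sshd[2301]: Failed password for root from 198.51.100.23 port 40030 ssh2",
    "Mar 10 09:20:10 db01 sshd[2344]: Accepted password for appuser from ::ffff:192.0.2.10 port 51190 ssh2",
]

def normalize(src):
    """Parse the source address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(src)
    return getattr(addr, "ipv4_mapped", None) or addr

def find_bypass_logins(lines, pam_sources=PAM_SOURCES):
    """Return one alert record per successful login that did not come from PAM."""
    alerts = []
    for line in lines:
        m = ACCEPTED.match(line)
        if not m:
            continue  # failed attempts and non-sshd lines are not logins
        try:
            addr = normalize(m["src"])
        except ValueError:
            addr = None  # unparseable source: alert rather than trust it
        if addr is None or not any(addr in net for net in pam_sources):
            alerts.append({k: m[k] for k in ("ts", "host", "user", "method", "src")})
    return alerts

if __name__ == "__main__":
    for alert in find_bypass_logins(SAMPLE_LOG):
        print("PAM bypass login:", alert)
```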

Work-flow for Iraje PAM unauthorized access alerts on Linux Devices

Follow the steps below to enable PAM bypass alerts for Linux devices:

Step 1: Open Iraje ACM. Click on configure 'ACM'

Step 2: To enable the bypass alert, select the Linux device from the given set of connections

Step 3: Click on a specific server and enable 'Monitoring'

Step 4: To enable alerts for unauthorized access, click on Alert and enable 'PIM Login By Outside Agent'

Step 5: All alerts are sent by email or SMS to Super or Group Admin users

Reports

Agent reports are critical to security: they identify the outliers who bypass the PAM solution to take direct access to critical assets, that is, the people violating the security policies of the organization. This is one of the most critical reports for the audit and compliance of the organization. These reports are unique to Iraje PAM: the unauthorized access report on Linux/Unix/AIX/Sun Solaris is innovative and is not available in any other PAM solution as of Mar 2020.

Linux Agent Alert Report

The Linux Agent Alert report gives details of unauthorized logins on Linux devices; alerts are sent to Super Admins.

Non Deployed Agent Report

This report gives details about the devices on which the Linux Agent has not been deployed.

Linux Agent Summary Report

The Linux Agent Summary report displays an overall summary of the Iraje Agent present on Linux devices.