Iraje Command Controller manual version 7.5

Introduction

Iraje PAM provides a Command Controller module. Command Controller allows restricting and controlling privileged users through defined rules. The module provides command restriction and filtering capabilities to ensure secure, authorized and controlled access to target systems. The solution minimizes the risk surface by providing the deepest level of granular control over data controllers and data processors.

Purpose

Command Controller has many advantages, such as:

  • Control: Command Controller helps PAM admins restrict commands, ensuring that the commands executed are within the organization's policy.

  • Monitor: PAM admins can monitor the critical assets of the organization and also the users who try to execute restricted commands.

  • Access level: The Command Controller module enables restricting commands at different levels.

  • Security: This module makes the environment safe and secure, as users are restricted to only those commands they are eligible to run.

Target Audience

Admins Using Iraje PAM | Auditors | Information Security Team

Classification of Command Controller

Iraje PAM provides 3 classifications of Command Controller options:

At Group Level

Command Controller at group level enables restricting / allowing commands for the entire group. This saves a lot of time and effort if the group consists of connections for which similar commands need to be restricted / allowed.

At Connection Level

Command Controller at connection level enables restricting / allowing commands for a specific connection. It ensures that special requirements are taken care of when certain commands need to be restricted / allowed for only a single connection.

At User Level

Command Controller at user level enables restricting / allowing commands for a specific user configured in the PAM solution. This level gives complete control over users and helps in monitoring, which in turn makes the environment secure.

Operating Procedure for Command Controller

    Step 1: Enter Username and Password, select Domain and Authentication method, and click on 'Sign-In'

    Step 2: Click on 'Access Control Manager'

    Step 3: Click on 'Directory Access'

    Step 4: Select the 'Group' name and click on 'Connect'

    Step 5: Click on 'Access Control Master'

    Step 6: Enter search conditions as per requirement, i.e. IP, Username, Type, Envelop, and click on 'Retrieve Connections'

    Step 7: After the connections are retrieved, select the connection and click 'OK'

    Step 8: Right click on 'connection' and click on 'Command Controller'

    Step 9: The Command Controller window pops up; enter the required details

    Step 10: For Command Controller at group level, specify the command and whether it should be Restrict / Allow

    Step 11: For Command Controller at connection level, specify the command and whether it should be Restrict / Allow

    Step 12: For Command Controller at user level, specify the command and whether it should be Restrict / Allow

    Step 13: Click on 'Regex Test' to test the configuration, then click 'OK'
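A minimal model of the evaluation these steps configure, added here as an illustration and not Iraje's own code: the three levels, the Restrict / Allow decision, and regex-based patterns (implied by the 'Regex Test' step) come from the manual, while the precedence order, the default-allow behaviour and all names are assumptions.

```python
import re
from dataclasses import dataclass

# Assumed rule model (not Iraje's): one regex per rule, matched against the whole command line.
@dataclass(frozen=True)
class Rule:
    level: str      # "group", "connection" or "user"
    pattern: str    # regular expression, validated like the manual's 'Regex Test'
    action: str     # "Restrict" or "Allow"

@dataclass(frozen=True)
class AuditEvent:
    user: str
    command: str
    level: str      # level whose rule fired, for the per-level reports
    pattern: str

# Assumption: the most specific level wins (user before connection before group).
LEVEL_ORDER = ("user", "connection", "group")

def regex_test(rules):
    """Compile every pattern up front; a bad regex fails here, not mid-session."""
    return [(rule, re.compile(rule.pattern)) for rule in rules]

def evaluate(command, rules, user, audit):
    """Return True if the command may run. The first matching rule, taken in
    LEVEL_ORDER, decides; a Restrict match is recorded in the audit trail."""
    line, compiled = command.strip(), regex_test(rules)
    for level in LEVEL_ORDER:
        for rule, rx in compiled:
            if rule.level != level or rx.fullmatch(line) is None:
                continue
            if rule.action == "Restrict":
                audit.append(AuditEvent(user, line, level, rule.pattern))
                return False
            return True
    return True  # assumption: commands no rule mentions are allowed

def report(audit, level=None):
    """Restricted Command Executed report, optionally filtered to one level."""
    return [e for e in audit if level is None or e.level == level]

if __name__ == "__main__":
    # Constructed sample rules and commands for illustration only.
    rules = [Rule("group", r"rm\s+-rf\s+/.*", "Restrict"),
             Rule("connection", r"sudo\s+su\b.*", "Restrict"),
             Rule("user", r"cat\s+/etc/shadow", "Restrict")]
    trail = []
    for cmd in ("ls -la /var/log", "rm -rf /tmp/build", "sudo su -", "cat /etc/shadow"):
        print(cmd, "->", "allowed" if evaluate(cmd, rules, "jdoe", trail) else "restricted")
```

A user-level Allow rule that matches before a broader group-level Restrict shows how the assumed precedence lets a narrow exception override a wider restriction.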

User Experience when User executes restricted commands

Group Level: An error is shown when a user tries to execute a command restricted for the specified group

Connection Level: An error is shown when a user tries to execute a command restricted at connection level

User Level: An error is shown when a user tries to execute a command restricted at user level

Command Controller Reports

An audit trail (also called an audit log) is a security-relevant chronological record, set of records, and/or destination and source of records that provides documentary evidence of the sequence of activities that have affected, at any time, a specific operation, procedure, or event.

Restricted Command Executed

The Restricted Command Executed report provides details of the restricted commands executed on the command line by users.

Command Restricted Report – By Group

The Command Restricted by Group report provides details of commands restricted at group level.

Command Restricted Report – By Connection

The Command Restricted by Connection report provides details of commands restricted at connection level.

Command Restricted Report – By User

The Command Restricted by User report provides details of commands restricted at user level.