Iraje PAM Unauthorized Access manual for Linux devices version 7.5
Unauthorized access in the datacentre is dangerous and risky for any organization. Even after a PAM solution is implemented, users have the habit or inclination to access devices directly, bypassing PAM. Such access not only bypasses security but also leaves no trace: when an incident happens, it's not possible to find the root cause, because the session was taken outside PAM and PAM has no audit trail of activities done outside it.
It's very important to find such bypasses and alert the security teams to them. Such accesses are alerted on rather than blocked so that, in case of disaster, there is still an opportunity to access the datacentre, though the access gets alerted.
Train the admins on how to use the Iraje PAM Unauthorized access alerts on Linux/Unix/AIX/Sun Solaris devices. This manual will help the admins get familiar with the Iraje PAM application and how to use it effectively in their environment.
Auditors, Risk Managers, IT Security Teams, Admins using PAM
Iraje PAM provides an agent-less solution for unauthorized access alerts on Linux devices.
Iraje PAM provides a facility where Super or Group admin PAM users are notified of the activities below:
If any user connects to any target server with any privileged or local ID from any source IP address other than the PAM server IP address
If the login is from outside the PAM source IP, the Iraje agent automatically throws an alert for the bypass ID
This feature helps track logins made outside PAM to avoid security risks, by preventing users from accessing their servers in a non-monitored environment
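The rule described above (flag any successful login whose source address is not the PAM server), as an added Python example that is not Iraje's code. It assumes OpenSSH syslog-format lines; the PAM address 192.0.2.10 and the sample log are constructed.

```python
import ipaddress
import re

# Assumption: the address(es) that PAM-brokered sessions originate from.
PAM_SOURCES = [ipaddress.ip_network("192.0.2.10/32")]

# OpenSSH success line: "Accepted <method> for <user> from <ip> port <n> ssh2"
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample lines (not taken from a real system).
SAMPLE_LOG = """\
Mar  3 10:01:12 db01 sshd[2211]: Accepted password for root from 192.0.2.10 port 50122 ssh2
Mar  3 10:04:40 db01 sshd[2290]: Failed password for root from 198.51.100.23 port 40111 ssh2
Mar  3 10:05:02 db01 sshd[2290]: Accepted password for root from 198.51.100.23 port 40111 ssh2
Mar  3 10:09:31 db01 sshd[2351]: Accepted publickey for oracle from 2001:db8::5 port 51515 ssh2
Mar  3 10:12:00 db01 sshd[2400]: Accepted publickey for appadmin from 192.0.2.10 port 50388 ssh2
"""

def is_pam_source(ip_text, allowed=PAM_SOURCES):
    """True if ip_text parses and falls inside an allowed PAM network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparseable source is treated as a bypass
    return any(ip.version == net.version and ip in net for net in allowed)

def find_bypass_logins(log_text, allowed=PAM_SOURCES):
    """Return (timestamp, host, user, source_ip) for logins not from PAM."""
    alerts = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        # Only successful logins count; failed attempts do not match ACCEPTED.
        if not m or is_pam_source(m["ip"], allowed):
            continue
        timestamp, host = line[:15], line[16:].split()[0]
        alerts.append((timestamp, host, m["user"], m["ip"]))
    return alerts

if __name__ == "__main__":
    for alert in find_bypass_logins(SAMPLE_LOG):
        print("PAM bypass login:", *alert)
```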
Work-flow for Iraje PAM unauthorized access alerts on Linux Devices
Follow the steps below to enable PAM bypass alerts for Linux devices:
Step 1: Open Iraje ACM. Click on configure 'ACM'
Step 2: To enable the bypass alert, select the Linux device from the given set of connections
Step 3: Click on a specific server and enable 'Monitoring'
Step 4: To enable alerts for unauthorized access, click on Alert and enable 'PIM Login By Outside Agent'
Step 5: All alerts are sent by email or SMS to Super or Group Admin users
Agent Reports are critical to security: they identify the outliers who bypass the PAM solution to take direct access to critical assets, that is, the people violating the organization's security policies. This is one of the most critical reports for the organization's audit and compliance. These reports are unique to Iraje PAM, as the unauthorized access report on Linux/Unix/AIX/Sun Solaris is innovative and is not available in any other PAM solution as of Mar 2020.
Linux Agent Alert Report
The Linux Agent Alert report gives details about unauthorized logins on Linux devices; alerts are sent to Super Admins.
Non Deployed Agent Report
This report gives details about the devices on which the Linux Agent has not been deployed.
Linux Agent Summary Report
The Linux Agent Summary report displays an overall summary of the Iraje Agent present on Linux devices.