Expanding UNIX Native Security
The following Privileged Access Manager features expand native security.

Superuser Account Limitations
Users who administer and manage operating systems are typically members of predefined accounts. These accounts are automatically created during the system setup, such as the root account on UNIX systems and the Administrator account on Windows systems. Each of the predefined accounts exists to perform a certain set of system functions.
For example, users acting as root or Administrator can create, delete, and modify users and lock, reconfigure, and shut down servers.
One of the major security risks is that an unauthorized user gains control of these accounts. If this happens, the user can seriously damage the system.
Privileged Access Manager can limit the rights that are granted to these accounts. The product can limit the rights of members of user groups that have these accounts as members. This reduces the vulnerability of your operating system.

Privileged Access Manager Administrator
When you install Privileged Access Manager, you are asked to name one or more Privileged Access Manager administrators. Administrators have the authority to modify all or part of the rules database. You should have at least one full-authority administrator. This administrator can modify or create access rules freely and can designate other levels of administrators.
Once you have defined users for your system, you can assign administrative authority to other users by assigning the ADMIN attribute to them.
Note:
A user with the ADMIN attribute possesses powerful authority. Consequently, the number of ADMIN users should be strictly limited. It is also a good policy to separate the roles of the native superuser and ADMIN, removing the ADMIN attribute from the superuser after you have set up one or more Privileged Access Manager security administrators.
Because you always need at least one user with authority to manage the database, Privileged Access Manager does not let you delete the last user that has the ADMIN attribute.
If you expect any of the Privileged Access Manager administrators to administer other hosts from this workstation, be sure that a rule in the database on that host gives them READ and WRITE access from this workstation.

Sub Administration
Privileged Access Manager contains a sub administration feature. This lets administrators grant specific privileges that enable regular users to manage specific classes. These users are then called sub administrators. For example, you can allow a specific user to manage users and groups only.
You can also specify a higher level of sub administration by granting access not only for specific classes, but for specified records in these classes.
Administration Rights for Regular Users
Privileged Access Manager lets you grant ordinary users (non-administrators) the rights and privileges to perform administrative tasks without being members of the Administrators group. The ability to delegate tasks by granting administrative privileges in this granular way is a significant advantage of Privileged Access Manager.
- A record in the SUDO class stores a command script to allow users to run the script with borrowed permissions.
- The data property value is the command script. This value can be modified by adding to it optional script parameter values.
- Each record in the SUDO class identifies a command for which a user can borrow permissions from another user.
- The key of the SUDO class record is the name of the SUDO record. This name is used instead of the command name when a user executes the commands in the SUDO record.
Program Pathing
Program pathing is an access rule associated with a file that requires that the file is accessed only through a specific program. Program pathing greatly increases the security of sensitive files. Privileged Access Manager lets you use program pathing to provide additional protection for the files in your system.

B1 Security Level Certification
Privileged Access Manager includes the following B1 Orange Book features: security levels, security categories, and security labels.
- Accessors and resources in the database can be assigned a security level. The security level is an integer from 1 through 255. An accessor can gain access to a resource only if the accessor has a security level equal to or greater than the security level assigned to the resource.
- Accessors and resources in the database can belong to one or more security categories. An accessor can access a resource only if the accessor belongs to all of the security categories assigned to the resource.
- A security label is a name that associates a particular security level with a set of zero or more security categories. Assigning a user to a security label gives the user both the security level and any security categories that are associated with the security label.
Note:
For more information about B1 Orange Book features, see the Implementation section.
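The following is an added worked example (not Privileged Access Manager code) that models the B1 access decision described above: an accessor passes only when its level is at least the resource's level and it holds every category on the resource, and a label grants both at once. The class names, the sample label and the file names are constructed for illustration.

```python
from dataclasses import dataclass, field


def check_level(level: int) -> int:
    """Security levels are integers from 1 through 255 (as stated on the page)."""
    if not 1 <= level <= 255:
        raise ValueError(f"security level must be 1..255, got {level}")
    return level


@dataclass(frozen=True)
class SecurityLabel:
    """A label names one level plus zero or more categories (hypothetical model)."""
    name: str
    level: int
    categories: frozenset = frozenset()


@dataclass
class Accessor:
    name: str
    level: int = 1
    categories: set = field(default_factory=set)

    def assign_label(self, label: SecurityLabel) -> None:
        # Assigning a label grants both its level and all of its categories.
        self.level = check_level(label.level)
        self.categories |= label.categories


@dataclass
class Resource:
    name: str
    level: int = 1
    categories: set = field(default_factory=set)


def b1_access_allowed(accessor: Accessor, resource: Resource) -> bool:
    """Allow only if level >= resource level AND every resource category is held."""
    check_level(accessor.level)
    check_level(resource.level)
    level_ok = accessor.level >= resource.level          # equal level is sufficient
    categories_ok = resource.categories <= accessor.categories  # subset test
    return level_ok and categories_ok


# Constructed sample data (not from the product documentation).
PAYROLL = SecurityLabel("payroll_admin", level=100, categories=frozenset({"HR", "FINANCE"}))
alice = Accessor("alice"); alice.assign_label(PAYROLL)
bob = Accessor("bob", level=200, categories={"HR"})   # higher level, but lacks FINANCE
carol = Accessor("carol", level=99, categories={"HR", "FINANCE"})  # all categories, level too low
payroll_db = Resource("/data/payroll.db", level=100, categories={"HR", "FINANCE"})
public_doc = Resource("/data/readme.txt", level=1)
```

Running `b1_access_allowed` over these accessors shows that neither a high level alone (bob) nor the right categories alone (carol) opens the payroll file; both conditions must hold.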