Introduction to the business challenges of securely managing access to privileged accounts and the technical approaches available to secure administrator, service and application-to-application IDs.
2. Contents
1 What are the business problems related to privileged accounts? 1
2 How does a privileged access management system work? 1
3 How often should passwords on privileged accounts be changed? 2
4 How should access to privileged accounts be controlled? 2
5 Can these systems support a "two keys to launch" scenario? 3
6 What about securing passwords to Windows service accounts? 3
7 How about mainframes, ERP applications and other systems? 4
8 Are there alternatives to displaying passwords to administrators? 4
9 Can single sign-on be included? 4
10 What happens a login to the physical console of a server is needed? 5
11 What about privileged accounts on laptops? 5
12 Can the administrator actions be recorded? 6
i
8. Privileged Access Management Frequently Asked Questions
12 Can the administrator actions be recorded?
Modern privileged access management systems support session recording. This technology is used to
record login sessions made by administrators to privileged accounts and later search and playback of these
sessions.
The approaches used to accomplish this vary widely:
1. Instrumentation installed in advance on the user’s PC.
2. Instrumentation on the user’s PC implemented dynamically via ActiveX.
3. Instrumentation on managed servers.
4. A proxy server which intercepts, records and analyzes connection protocols.
www.Hitachi-ID.com
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com
File: / pub/ wp/ documents/ faq/ hipam/ pam-faq-generic-1.tex
Date: 2011-07-21