Website under construction

124 
CHAPTER 4 | Security and identity 

A REST Endpoint 

Windows PowerShell (using the New-PAMRequest cmdlet) 
These simple methods can be integrated into other tools like automation runbooks and ticketing 
systems to provide further control on the overall process. 
Earlier in this chapter, we mentioned the concepts and technology of JIT and JEA, PAM is a way of 
implementing this for your environment. Like JIT and JEA, PAM provides time-bound privileges to the 
request account and, of course, link it to the privileged group that has the necessary permissions to 
perform the task. 
You also can adjust the Kerberos ticket lifetime to ensure it has the lowest possible Time-to-Live (TTL) 
value. This way, if you sign in and receive a Kerberos ticket, its lifetime will be bound to the time 
remaining from the total amount of time PAM has granted you access to the privileged group. 
PAM also comes with a variety of new monitoring features to provide greater insight with respect to 
who requested access, what type of access was actually granted, and, more important, what activities 
that person performed during the privileged-access assignment. 
You can view this information MIM or in the Event Viewer, or if you already have System Center 
Operations Manager 2012 provisioned and use the Audit Collection Services, you can create 
visualizations of the information. Other third-party tools and Operations Management Suite (OMS) 
will be able to visualize the information in the future, as well. 

Download 13,37 Mb.

Do'stlaringiz bilan baham: