Terminal Integration

Terminal integration lets you integrate your CA Access Control endpoints with PUPM to track the activities of users who use privileged accounts. Terminal integration works only when a user checks out a privileged account password and uses automatic login to log in to the CA Access Control endpoint.

Terminal integration lets you increase security and accountability, as follows:

If you specify that CA Access Control uses the original user name when it writes audit records and makes authorization decisions, CA Access Control accumulates the audit mode for the login session: the accumulated audit mode combines the audit mode of the original user with the audit mode of the privileged account. If the original user is not defined in the CA Access Control database, CA Access Control instead combines the audit mode of the default user with the audit mode of the privileged account.

For example, you configure terminal integration for an endpoint. On the endpoint, the audit mode for user1 (the original user) is Failure and the audit mode for a privileged account named privileged_user is Success. When user1 uses automatic login to log in to the endpoint as privileged_user, CA Access Control sets the audit mode for the login session to Failure, Success.

You can use terminal integration only on Windows Agentless and SSH Device endpoints on which CA Access Control is installed. In addition, the user must use automatic login to check out the privileged account password.

Terminal integration is enabled by default when you install CA Access Control with the PUPM integration feature enabled. After you install CA Access Control, you use CA Access Control Endpoint Management to configure terminal integration on the endpoint.

Example: A Login Event Audit Record

The following example shows a login event audit record for an account for which you configured terminal integration. You specified that a user must use PUPM automatic login to log in to the endpoint.

Event type: Login attempt
Status: Denied
User name: example1\administrator
Terminal: example1.domain.com
Program: Terminal services
Date: 27 May 2010
Time: 17:35
Details: Automatic login is required for this account
User Logon Session ID: 7dd2b3dc-8a1a-4ffa-8e7d-f9bc20d2b341
Audit flags: OS user

Example: A Resource Access Audit Record

The following example shows a resource access audit record for an account for which you configured terminal integration. You specified that CA Access Control uses the original user name, not the privileged account user name, when it writes audit records and makes authorization decisions. The original user name (user1) is listed in the user name field and the privileged account (administrator) is listed in the effective user name field.

Event type: Resource access
Status: Denied
Class: FILE
Resource: C:\tmp\core.txt
Access: Exec
User name: domain\user1
Terminal: example1.domain.com
Program: C:\WINDOWS\system32\cmd.exe
Date: 02 Feb 2010
Time: 14:20
Details: No Step that allowed access
User Logon Session ID: 7dd2b3dc-8a1a-4ffa-8e7d-f9bc20d2b341
Audit flags: OS user
Effective user name: example1\administrator
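As an added example that is not part of the CA Access Control documentation, the following Python parses audit records in the format shown above and groups them by User Logon Session ID, so that a denied resource access performed under the privileged account can be traced back to the original user who checked out the password. The sample input is constructed from the two records on this page, and the code assumes each record is a blank-line separated block of plain "Field: value" lines.

```python
# Constructed sample input: the two records shown on this page, blank-line separated.
SAMPLE = """\
Event type: Login attempt
Status: Denied
User name: example1\\administrator
Details: Automatic login is required for this account
User Logon Session ID: 7dd2b3dc-8a1a-4ffa-8e7d-f9bc20d2b341

Event type: Resource access
Status: Denied
Resource: C:\\tmp\\core.txt
Access: Exec
User name: domain\\user1
Program: C:\\WINDOWS\\system32\\cmd.exe
User Logon Session ID: 7dd2b3dc-8a1a-4ffa-8e7d-f9bc20d2b341
Effective user name: example1\\administrator
"""

def parse_records(text):
    """Split blank-line separated 'Field: value' records into dicts."""
    records = []
    for chunk in text.strip().split("\n\n"):
        rec = {}
        for line in chunk.splitlines():
            field, _, value = line.partition(":")  # split on the first colon only
            rec[field.strip()] = value.strip()
        records.append(rec)
    return records

def trace_sessions(records):
    """Group records by User Logon Session ID. Per session, report the original
    user (User name on a resource-access record), the privileged account it
    was checked out as (Effective user name, or the login record's User name
    when no resource access has been seen yet) and each denied resource."""
    sessions = {}
    for rec in records:
        sid = rec.get("User Logon Session ID")
        if not sid:  # records without a session ID cannot be correlated
            continue
        s = sessions.setdefault(sid, {"original_user": None,
                                      "privileged_account": None, "denied": []})
        if rec.get("Event type") == "Resource access":
            s["original_user"] = rec.get("User name")
            s["privileged_account"] = rec.get("Effective user name")
            if rec.get("Status") == "Denied":
                s["denied"].append((rec.get("Resource"), rec.get("Access")))
        elif rec.get("Event type") == "Login attempt" and not s["privileged_account"]:
            s["privileged_account"] = rec.get("User name")
    return sessions
```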

More information:

Configure Terminal Integration

Implementation Considerations for Terminal Integration