Terminal integration lets you integrate your CA ControlMinder endpoints with SAM to track the activities of users who use privileged accounts. Terminal integration works only when a user checks out a privileged account password and uses automatic login to log in to the CA ControlMinder endpoint.
Terminal integration lets you increase security and accountability, as follows:
If you specify that CA ControlMinder uses the original user name when it writes audit records and makes authorization decisions, CA ControlMinder accumulates the audit mode for the login session. The accumulated audit mode uses the audit mode for the original user and the audit mode for the privileged account. If the original user is not defined in the CA ControlMinder database, CA ControlMinder accumulates the audit mode for the default user and the audit mode for the privileged account.
For example, you configure terminal integration for an endpoint. On the endpoint, the audit mode for user1 (the original user) is Failure and the audit mode for a privileged account named privileged_user is Success. When user1 uses automatic login to log in to the endpoint as privileged_user, CA ControlMinder sets the audit mode for the login session to Failure, Success.
You can use terminal integration only on Windows Agentless and SSH Device endpoints on which CA ControlMinder is installed. In addition, the user must use automatic login to check out the privileged account password.
Terminal integration is enabled by default when you install CA ControlMinder with the SAM integration feature enabled. After you install CA ControlMinder, you use CA ControlMinder Endpoint Management to configure terminal integration on the endpoint.
Example: A Login Event Audit Record
The following example shows a login event audit record for an account for which you configured terminal integration. You specified that a user must use SAM automatic login to log in to the endpoint.
Event type: Login attempt
Status: Denied
User name: example1\administrator
Terminal: example1.domain.com
Program: Terminal services
Date: 27 May 2010
Time: 17:35
Details: Automatic login is required for this account
User Logon Session ID: 7dd2b3dc-8a1a-4ffa-8e7d-f9bc20d2b341
Audit flags: OS user
Example: A Resource Access Audit Record
The following example shows a resource access audit record for an account for which you configured terminal integration. You specified that CA ControlMinder uses the original user name, not the privileged account user name, when it writes audit records and makes authorization decisions. The original user name (user1) is listed in the user name field and the privileged account (administrator) is listed in the effective user name field.
Event type: Resource access
Status: Denied
Class: FILE
Resource: C:\tmp\core.txt
Access: Exec
User name: domain\user1
Terminal: example1.domain.com
Program: C:\WINDOWS\system32\cmd.exe
Date: 02 Feb 2010
Time: 14:20
Details: No Step that allowed access
User Logon Session ID: 7dd2b3dc-8a1a-4ffa-8e7d-f9bc20d2b341
Audit flags: OS user
Effective user name: example1\administrator
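The following Python script is an added example, not CA code or part of the original documentation. It parses audit records shaped like the two above, lists privileged-account logins that were denied because automatic login was not used, and attributes privileged-account activity to the original user through the effective user name field. The one-field-per-line layout and all function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Abridged copies of the page's two example records. One "Field: value" per
# line with a blank line between records is an assumed layout.
SAMPLE = r"""
Event type: Login attempt
Status: Denied
User name: example1\administrator
Details: Automatic login is required for this account
User Logon Session ID: 7dd2b3dc-8a1a-4ffa-8e7d-f9bc20d2b341

Event type: Resource access
Status: Denied
Resource: C:\tmp\core.txt
Access: Exec
User name: domain\user1
User Logon Session ID: 7dd2b3dc-8a1a-4ffa-8e7d-f9bc20d2b341
Effective user name: example1\administrator
"""

def parse_records(text):
    """Split records on blank lines and fields at the first ': ' only,
    so Windows paths and times keep their colons."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(": ") for line in block.splitlines())
        rec = {k.strip(): v.strip() for k, sep, v in pairs if sep}
        if rec:
            records.append(rec)
    return records

def direct_login_denials(records):
    """Privileged-account logins refused because automatic login was not used."""
    return [r for r in records
            if r.get("Event type") == "Login attempt"
            and r.get("Status") == "Denied"
            and "Automatic login is required" in r.get("Details", "")]

def activity_by_original_user(records):
    """Map original user -> [(privileged account, resource, access, status)].
    Only records that carry 'Effective user name' can be attributed."""
    out = defaultdict(list)
    for r in records:
        if "Effective user name" in r:
            out[r["User name"]].append((r["Effective user name"],
                r.get("Resource"), r.get("Access"), r.get("Status")))
    return dict(out)
```

Records without an effective user name field are left out of the attribution map, because nothing in them links the privileged account back to an original user.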
Copyright © 2013 CA Technologies.
All rights reserved.