2 Baseline scenario
3 Plaintext passwords
4 Basic approach
5 Catch-22?
How does the script or application authenticate itself to the Hitachi ID Privileged Access Manager system?
Using an ID and password?
Unattended processes cannot use a token or smart card ...
If using PKI then a password is needed to unlock the private key / certificate ...
6 Analysis
There is no silver bullet for this problem.
Just like perpetual motion machines.
Somebody "invents" a new one every year.
How do we make life more difficult for an attacker?
Assume he has compromised:
The application's source code...
The server's filesystem...
Backup media...
It seems we can't get away from a password at some point in the process.
How about changing this password often?
Like every time it's used!
And verifying that connections come from a server at the expected location.
8 Authentication
10 Authentication
11 API wrapper
Important layer to manage:
Complexity of SOAP.
OTP change management and serialization.
Password caching.
Encryption and key generation.
The wrapper is available as:
Animation: ../../pics/camtasia/pam-api-cmd/pam-api-cmd.mp4
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com