Imprivata Privileged Access Management Product Update 2.3.201812121821
December 9, 2018
PAM Update: Adds reporting about protocol used during connection, control over file transfers, and IP filter for REST API tokens
Highlights of this update include support for collecting and reporting details about the protocol used during high-trust sessions, IP filtering for token-based REST API calls, and the option to disable file transfer to and from remote endpoints.
Added support to collect and report details about the protocol used during the high-trust session
The PAM session report now includes details about the protocol used during connection to a remote computer.
For in-browser sessions to a Windows or Unix computer, this is usually obvious: RDP for Windows and SSH for Unix. The exception is a record that used to be a Windows Host and was later switched to a Unix Host, in which case different sessions may show different protocols over time.
However, when it comes to native clients, the situation becomes more complicated.
A native SSH client might open an SSH Shell channel (like PuTTY does), an SFTP channel (like WinSCP), or both at the same time.
PAM also supports the Exec channel (that executes a command on a remote computer without an interactive shell) and the SSH Tunnel channel.
A single native client might open multiple sessions with different protocols, or even multiple channels inside the same session (in this case PAM will list multiple protocols for the same session).
It is now easier to distinguish different sessions opened by the same native client connection based on the protocol they use.
In addition, this update adds protocol information to the audit log records for creating a new session and for adding a new channel inside an existing session.
For example, the SSH session opens a Tunnel channel not when the tunnel connection is made but much later, at the time when an application actually connects to the exposed end of the tunnel.
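The channel-to-protocol labelling described above, as an added Python example (not Imprivata's code): it maps the SSH connection-protocol channel and request names from RFC 4254 to the labels used in this section and builds a per-session protocol list plus audit records. The event format, field names, function names and sample events are assumptions constructed for illustration.

```python
# Added illustration, not PAM code. Channel and request names come from
# RFC 4254; the event dicts, field names and labels are assumptions.

def classify(ev):
    """Return the protocol label an event reveals, or None if it reveals none."""
    kind, name = ev["kind"], ev["name"]
    if kind == "channel-open" and name in ("direct-tcpip", "forwarded-tcpip"):
        return "SSH Tunnel"          # opened when an application uses the tunnel
    if kind == "channel-request":
        if name == "shell":
            return "SSH Shell"       # interactive shell, e.g. PuTTY
        if name == "exec":
            return "Exec"            # one command, no interactive shell
        if name == "subsystem" and ev.get("arg") == "sftp":
            return "SFTP"            # e.g. WinSCP
    return None                      # "session" open, pty-req, env, ...

def protocols_by_session(events):
    """Build the per-session protocol list and the matching audit records."""
    report, audit = {}, []
    for ev in sorted(events, key=lambda e: e["t"]):
        label = classify(ev)
        if label is None:
            continue
        seen = report.setdefault(ev["session"], [])
        action = "session created" if not seen else "channel added"
        audit.append((ev["t"], ev["session"], action, label))
        if label not in seen:
            seen.append(label)
    return report, audit

# Constructed sample: one native client (s1) and one scripted client (s2).
SAMPLE = [
    {"t": 0, "session": "s1", "kind": "channel-open", "name": "session"},
    {"t": 1, "session": "s1", "kind": "channel-request", "name": "pty-req"},
    {"t": 2, "session": "s1", "kind": "channel-request", "name": "shell"},
    {"t": 3, "session": "s1", "kind": "channel-open", "name": "session"},
    {"t": 4, "session": "s1", "kind": "channel-request", "name": "subsystem", "arg": "sftp"},
    {"t": 10, "session": "s2", "kind": "channel-open", "name": "session"},
    {"t": 11, "session": "s2", "kind": "channel-request", "name": "exec", "arg": "uptime"},
    {"t": 95, "session": "s1", "kind": "channel-open", "name": "direct-tcpip"},
]

if __name__ == "__main__":
    report, audit = protocols_by_session(SAMPLE)
    print(report)
    for line in audit:
        print(line)
```

In the sample, the tunnel record for s1 appears at t=95, long after the shell and SFTP channels, which is why a reviewer should expect "channel added" audit entries well after the session start.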
Added support to disable File Transfer option for all system users
File transfer to and from remote computers during high-trust sessions is a sensitive operation because it allows users to upload or download large volumes of critical data.
With this update, PAM introduces the option to disable file transfer in active sessions for sensitive remote endpoints stored in vaults that require such special access.
Added support to limit the location of the originator of token-based REST API calls by IP Filter
PAM provides a REST API for all functions and operations so that scripts and third-party applications can use PAM functionality.
Typically, consumers of the PAM API authenticate using PAM API tokens rather than a user and password.
This update allows administrators to generate tokens that authenticate only those consumers that access PAM from specified locations (or, optionally, from outside of them), limiting the applications that can use tokens to access PAM.