What is Credential Check in and Credential Check out in PAM

--> In Privileged Access Management (PAM), Credential Check-In and Credential Check-Out refer to the lifecycle management of privileged credentials to enhance security and control. 

--> These concepts are commonly used in solutions like BeyondTrust, Delinea, CyberArk, and FortiPAM to manage access to sensitive accounts.

Credential Check-Out

The term "Checkout" in Privileged Access Management (PAM) is derived from the analogy of checking out a book from a library or borrowing an item for temporary use. It implies that the privileged credentials are being temporarily assigned to a user for a specific task or period

• When a user needs to access a privileged account (such as an admin or root account), they "check out" the credentials from the PAM system.
• The PAM system provides the user a temporary password or direct access without revealing credentials.
• The checkout process can include approval workflows, multi-factor authentication (MFA), and session recording for auditing.
• The checked-out credentials are typically time-limited and can be revoked if necessary.

Credential Check-In

• When the user is done using the privileged account, they "check-in" the credentials back into the PAM system.
• The PAM system then automatically rotates (changes) the password to prevent reuse, ensuring security.
• This ensures that even if a user memorizes or saves the old password, they cannot use it again.
• Check-in might also trigger logging and compliance reporting to track access history.

Best Regards,

Kareem

Read More

Why do we need to Install Endpoint Security Solutions in Non Bootable Disk?

Installing Endpoint Security Solutions such as EPM and EDR on a non-bootable disk (secondary disk or separate partition) offers several advantages, especially from a security, performance, and disaster recovery perspective:

1. Reduced Risk of Malware Attacks: If malware compromises the bootable disk (typically C: drive), the Endpoint Security Application files on a separate non-bootable disk are less likely to be affected, ensuring the management console remains intact.

2. Isolation from OS Vulnerabilities: Keeping the Endpoint Security Application on a separate disk isolates it from OS-related vulnerabilities, minimizing risks from OS-level attacks.

3. Simplified Backup and Restore: You can back up Endpoint Security Application data separately from the OS, streamlining disaster recovery processes.

4. Optimized Disk Usage: It allows for dedicated disk resources, which can be especially useful in large environments with many End Machines.

5. Protection Against File System Corruption: In case of file system corruption on the primary boot drive, Endpoint Security Application data and logs remain safe on the non-bootable disk

6. Easy OS Reinstallation: If you need to reinstall or upgrade the OS, you can do so without impacting the Endpoint Security Application, as it resides on a separate disk.

Best Regards,

Kareem

Read More

Palo Alto IPSEC connectivity Issue

 I recently faced an issue with Site to Site VPN connectivity between the two Palo Alto Firewalls. They were behind the NAT Device or Internet Router. The WAN interface is configured with the Private IP address.

The Site 2 Site VPN tunnel was not forming at all between the two Palo Alto Firewalls, It formed only when I added the following settings below for Local Identification and Peer Identification with the Public IP address:

Best Regards,

Kareem

Read More