INTERNET EXPOSED PORTS

A brief description of this feature

What are the benefits of using Fine Grained Policy?

Pass-the-Hash (PtH) attacks against the Windows operating systems are becoming common. Microsoft wants organizations to assume that a breach has already occurred in order to highlight the need for a more mature defense. In most organizations, the Local Administrator Password is shared amongst many administrators and is a small set of static strings. This raises major security concerns specially when it comes to Pass-the-Hash attacks.


With Synergix Secrets Vault ( Seva ) installed, one specific Local User Account Logon Name and Password are system generated and stored in the key vault in an encrypted form. Use of Local User Account avoids the need to share Local Administrator Account Password with remote users, who may be facing technical issues with their computer. Issues related to domain trust relationship or network configuration may prevent end users from logging in with On Premises AD domain account or possibly, with Azure AD user account. By providing Local User Account Credentials, system administrators can maintain the security of endpoints and gain access via Remote Desktop Management tool or third-party tool like Teamviewer to troubleshoot the issue and restore full functionality.


Another Use Case Scenario is when a business user is traveling and is discouraged from connected to untrusted WiFi network, such as at a coffee shop or a hotel. They can be required to first login with Local User Credentials, connect to WiFi network, logout and log back in with their On Prem AD Domain Credentials or Azure AD Credentials.


Seva supports Windows 7.0 SP1 to Windows Server 2019 computers, that are Azure AD joined, On Premises AD joined, Workgroup joined or in any other hosted environments, including Amazon, Google, etc.

LEDR

Fine Grained Policy characteristics

Encryption

Administrator Password is encrypted using unique encryption key

Remote Desktop

Remote Desktop connection can be established without typing username or password

Auditing

Integrated Audit Logs

Unique Password

Local Administrator Password is unique and varies in length from 16 to 48 characters

Business Justification

Requestor is required to type business justification before opening the password vault

Instrumentation

Computer properties, from various WMI classes, are stored in a database.

No Schema Changes

No Schema Changes are required as passwords are stored in the vault.

Least Privileges

Workflow is built following the principle of least privileges

Delegation

Leverages delegation in Azure AD to manage access to the vault

Password Masking

By default, password is masked, when first retrieved.

Have a question?
Send us a message






    By submitting, I agree to the use of my personal data in accordance with the OPTAGUARD Privacy Policy.