A healthcare customer had a security incident and in response has implemented a Corrective Action to reduce the risk of command and control of its servers by unauthorized users. As part of the CA, installation or use of any application which executes user-editable scripts, user-directed commands or launches user-specified third-party applications and doesn't also implement strong authentication, authorization and non-repudiation auditing is not allowed.

Advice is requested on how to limit the functionality of the PowerAdmin satellite to that of "monitor and report" -- remove the ability to execute scripts, run command-line functions and launch any application not required for PowerAdmin to function. The customer's security team must be able to detect that the abilities are disabled and, if needed, enable the "Monitor and Report" mode on the server running the PA satellite. Additionally, the "Monitor and Report" mode must be persistent, not affected by reinstallation of the PowerAdmin satellite or change of the satellite ID, and unable to be overridden from the central console. Ideally, the solution would be as simple and elegant as the presence or value of a registry key, similar to how HTTPS tunnels may be blocked.

In closing, I suspect the need for the "Monitor and Report" mode will only increase as more customers begin adopting more stringent policies.

asked 14 hours ago

IamMJ


That's a very interesting use case. Sort of a read-only mode. That would mean disabling:

Monitors:

  • Calculated Status
  • Execute Script
  • Plugin Monitor

Actions:

  • Execute Script
  • Reboot Computer
  • Start Application
  • Start, Stop or Restart Service

I'm guessing this is a scenario where the server is being monitored by an MSP who uses PA Server Monitor, and that's why they don't want the setting to be overridden by the Central Server. Is that true?

answered 14 hours ago

Doug ♦♦
