Symantec Privileged Access Management

 View Only
  • 1.  how to secure PAM VM console, therefore VM administrator will not make unauthorized changes to PAM VM

    Posted May 22, 2019 04:56 PM

    A deployed PAM VM by default without password can be accessed from VMware console to make network and other changes......How to prevent it? 



  • 2.  Re: how to secure PAM VM console, therefore VM administrator will not make unauthorized changes to PAM VM
    Best Answer

    Broadcom Employee
    Posted May 22, 2019 10:27 PM

    Hello Alex, Please go to Configuration, expand Security on the left and select the Access page under it. It contains the option you are looking for. This is documented on page https://docops.ca.com/ca-privileged-access-manager/3-2-4/en/implementing/configuring-your-server/configure-security-settings/server-access-options-configuration



  • 3.  Re: how to secure PAM VM console, therefore VM administrator will not make unauthorized changes to PAM VM

    Posted May 23, 2019 07:31 AM

    Thank you Ralf, but this option is binary - either the VM console access is completely disabled or wide open. I was looking for a password protection or another security control.   



  • 4.  Re: how to secure PAM VM console, therefore VM administrator will not make unauthorized changes to PAM VM

    Broadcom Employee
    Posted May 23, 2019 04:23 PM

    Hi Alex, There is no additional control on the PAM side. You should be able to control access to the VM on the VM server side to minimize the risk of the wrong person making changes to the VM. Someone with access to the console would also be able e.g. to stop the VM, which I would regard a more severe concern. Going into the configuration and changing network parameters requires deliberate action and would not be done by accident or mistake. If you would like to see an additional layer of protection for the PAM console anyway, please raise an idea in this community.