Symantec Privileged Access Management

  • 1.  Security of A2A - Protecting the API from attack

    Posted May 21, 2020 10:30 AM
    Hello,

    First question: Is it accurate to state that the security for an account with an A2A alias is dependent on three things:
    1. The correct Alias identifier used in the API call
    2. The path of the script making the API call
    3. The hostname of the server of the API call
    We have at least identified the possibility of a root user being able to impersonate a legitimate API call.

    We would like to understand what a good implementation looks like that protects the A2A API from attack.


  • 2.  RE: Security of A2A - Protecting the API from attack

    Broadcom Employee
    Posted Jun 25, 2020 11:39 PM
    Hello Chris, please review the documentation page https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-4/implementing/protect-privileged-account-credentials/manage-credentials-between-applications-a2a/configure-a2a-authorization-mappings.html, specifically the section "Request Validations".