Thycotic Secret Server Discovery

Thycotic Secret Server Discovery

 What is discovery in Thycotic Secret Server:

• Discovery finds secrets in an IT environment and imports them into secret server.
• Secret server is most effective when it covers all privileged accoutns
• Discovery helps to eliminate,
• • Unknown privileged accounts
  • Backdoor Access
  • Gaps in security
• Auditors want automated processes to reduce human mistakes

Discovery types

Out-of-box:

• AD (using LDAPs and WMI)
• • Domain Computers' local accounts
  • Domain accounts
  • Domain accounts running 
  • • Window Services
    • Scheduled Tasks
    • IIS Application Pools
    • IIS Application Pool Recycles
• Unix/Linux Local accounts
• • Machines - finds out Operating System first then local accounts
  • Non-Daemon Users - most other user accounts
  • All users - built-in accounts
  • Scanning accounts
  • • need to be able to connect over ssh
    • read /etc/passwd
    • minimum permissions for taking over account during import sudoer permissions
    • sudoer permissions on /etc/passwd
  • Define host range
  • • IP address
    • Host name
    • IP address range
• Hypervisor ESXi accounts
• • vSphere PowerCLI 5.5 release 2 - API installed on your Secret server
  • PowerShell 3 or greater on your secret server
  • Scanning accounts
  • • Shell Access
    • Query VRM policy permission
  • Define host range
  • • IP address
    • Host name
    • IP address range
• Amazon Web services
• • AWS accounts
  • • AWS access key
    • AWS console account
  • one secret using Amazon IAM secret template
  • Amazon IAM access key permissions
  • • Iam:ListUsers
    • Iam:GetLoginProfile
    • Iam:ListAccessKeys
• Google Cloud platform
• • Discovery and password changing of IAM service account users
  • Discovery of instances associated to the projects
  • Heartbeat and password changing of GCP service accounts
  • Token rotation for GCP service accounts

Custom (Extensible)

• Anything - leverages PowerShell scripts
• SQL accounts & DB links
• Networking equipment
• Embedded password

Accounts Discovery Flow Charts

AD accounts discovery flow chart:

Unix/Linux accounts discovery flow chart:

Vmware ESX/ESXi accounts discovery flow chart:

AWS accounts discovery flow chart:

GCP accounts discovery flow chart:

Steps to Use Discovery

1. Enable Globally
2. Configure Settings
3. Add Discovery Sources and Rules
4. Run Discovery
5. Import Accounts

via Blogger https://ift.tt/3zAbhfs
July 24, 2021 at 06:58PM Thycotic