PAM Lab

Product Chosen: CyberArk Lab Task: Create a safe and add a privileged account.

Using CyberArk, create a safe to store privileged credentials and add a privileged account to it, ensuring it’s accessible only to authorized users.

Sign up for a CyberArk trial at cyberark.com.
Log into the CyberArk Privileged Access Security (PAS) web interface.
Create a new safe:
- Navigate to Safes (or Policies > Safes depending on the version).
- Click Add Safe, enter a name (e.g., "TestSafe"), and set permissions (e.g., allow yourself full access).
- Save the safe.
Add a privileged account:
- Go to Accounts > Add Account.
- Platform: Select a platform (e.g., "Windows Domain Account").
- Safe: Select "TestSafe".
- Enter details: username (e.g., "admin"), password, and address (e.g., a dummy server name).
- Save the account.
Test access:
- Return to the safe and retrieve the account credentials as an authorized user.

As an authorized user, view or retrieve the account password from the safe.
If possible, log in as a different (unauthorized) user to confirm access is denied.

Request a trial from cyberark.com.
CyberArk will provide deployment instructions (e.g., a cloud-based instance or VM download).
Deploy the PAS solution (e.g., on VMware) and follow the setup guide to configure the initial admin account and network settings.

Configure CyberArk to record sessions for privileged accounts in the safe, allowing session review for auditing.

Log into the CyberArk PAS web interface.
Enable session recording:
- Go to Policies > Master Policy.
- Under Privileged Session Management, check "Record and save sessions".
- Configure settings (e.g., video format) and save.
Apply to the safe:
- Go to Safes, select "TestSafe", and edit properties.
- Ensure safe members have "Use accounts" and "Retrieve accounts" permissions.
Test the configuration:
- Use a privileged account from the safe to access a target system (e.g., via RDP).

Last updated 2 months ago