
Assignment 3


1) List down the Safes, Internal Users, Important Log Files, Important Configuration Files of CyberArk
Vault & PVWA. Explain about each in one line.

Safes of Vault:

● Notification Engine (used to send notifications to the Administrator; it works with an SMTP
server)
● System
● VaultInternal

Internal Users of Vault:

● Administrator, Auditor, Batch, Master, Notification Engine, Backup, DR, Operator

Important Log files of Vault:

● ITALOG.LOG: When the application is not working, we use the ITALOG file to troubleshoot.

Important Config files of Vault:

● dbparm.ini (the list of transparent users or groups that are added to the Safes is controlled
by a parameter in the dbparm.ini file)
● license.xml
● paragent.ini
● passparm.ini
● tsparm.ini

Safes of PVWA:

● PVWAConfig, PVWAPrivateUserPrefsAccess, PVWAPublicDataAccess, PVWAReports,
PVWATaskDefinition, PVWATicketingSystem, PVWAUserPrefsAccess, and
SharedAuthInternal.
● PVWAConfig is the main safe of PVWA.

Internal Users of PVWA:

● PVWAAppUser & PVWAGatewayUser

Important Log files of PVWA:

● PVWAInstall.log, PVWAInstallEnv.log, PVWAinstallError.log, PVWAinstallErrorEnv.log

Important Config files of PVWA:

● Policies.xml and PVConfiguration.xml are the main config files of the PVWA server.

2) What is Hardening of CyberArk servers? Also, write down the key recommendations of the Vault security
standard.

Hardening of CyberArk servers is basically getting the Vault ready for secure installation by
removing unnecessary pre-installed services from the NIC. Hardening is done to secure the Vault
and optimize it. Hardening is also done during installation of the CyberArk server.

Vault Security Standard:

● The Vault should be installed on a dedicated physical machine.
● No third-party software, such as anti-virus or remote management tools, should be installed.
● The Vault should be isolated from the Domain.

3) What are the Prerequisites for installing CyberArk vault & PVWA components? Also, Which keys does
Operator CD & Master CD consist of and for what purpose do we need those keys?

Prerequisites for Vault:

● We hardened the server by uninstalling unnecessary network services from the NIC.
● We select IPv4 and change its properties to set a static IP.
● We keep it under a Workgroup to isolate it from other CyberArk domain-joined components /
servers.
● .NET 4.8 should be installed if the CyberArk version is above 11.7.

Prerequisites for PVWA:

● We hardened the server by uninstalling unnecessary network services from the NIC.
● We select IPv4 and change its properties to set a static IP.
● We join it to the Domain or AD by assigning the domain IP as the DNS address in IPv4.
● .NET 4.8 should be installed if the CyberArk version is above 11.7.
● The Vault and AD should be able to communicate with PVWA through its IP address or domain
name.
● We need to install a web server to host PVWA. Microsoft provides its own web server called
IIS (Internet Information Service).
● We also install some roles and services, namely HTTP Redirection, Request
Monitor, Basic Authentication, Windows Authentication, ASP, ASP 3.5, ASP 4.5,
IIS 6 Management Compatibility, IIS Scripts and Tools, Management Service.

The Operator CD contains the Server key and the recovery public key, and the Master CD contains the recovery
private key. A key is required for installation of the Vault server.

4) What is IIS and what do you mean by IIS Binding? List down the important services of CyberArk vault &
PVWA components.

IIS binding is the installation of an SSL or self-signed certificate into the web browser to access an HTTPS-
secured address.

● Six services are created when we install the Vault server:

➔ PrivateArk Database
➔ PrivateArk Remote Control Agent
➔ PrivateArk Server
➔ CyberArk Event Notification Engine
➔ CyberArk Logic Container
➔ CyberArk Hardened Windows Firewall (created if you hardened the installation)

● iisreset is the main service of PVWA.

5) State the reason why we keep the CyberArk vault in a WORKGROUP and the other primary
components in the domain. And, which parameters do we validate after installation of the Vault & PVWA
components to confirm that the installation was successful?

Workgroups are independent and free of centralized domain control. As the Vault is the heart of
CyberArk, it should be kept isolated on a single separate server free of any centralized domain
control, so that it becomes impossible for any attacker to get into the Vault server and access
confidential information.

To confirm the successful installation of the Vault:

● We need to make sure the 6 services, i.e. PrivateArk Database, PrivateArk Remote Control
Agent, PrivateArk Server, CyberArk Event Notification Engine, CyberArk Logic
Container, and CyberArk Hardened Windows Firewall, are running.
● We need to make sure the three Safes, i.e. Notification Engine, System, and VaultInternal, are
there when we log in to the CyberArk Client.
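
The service and workgroup checks described above can be scripted on the Vault server. This is an added example, not part of the original assignment and not CyberArk's own tooling; the helper name Test-VaultService is hypothetical, and the service display names are copied from the list in this document, so they are an assumption that may need adjusting for your version.

```powershell
# Added example. Display names below are taken from this document's list (assumption).
$required = @(
    'PrivateArk Database',
    'PrivateArk Remote Control Agent',
    'PrivateArk Server',
    'CyberArk Event Notification Engine',
    'CyberArk Logic Container'
)
# Per the document, this service exists only when the installation was hardened.
$optional = @('CyberArk Hardened Windows Firewall')

# Hypothetical helper: report one service as Running / Stopped / NotInstalled.
function Test-VaultService {
    param([string]$DisplayName, [bool]$Required)
    $svc = Get-Service -DisplayName $DisplayName -ErrorAction SilentlyContinue
    $state = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
    [pscustomobject]@{
        Check  = "Service: $DisplayName"
        State  = $state
        # An optional service may be absent, but if present it must be running.
        Passed = ($state -eq 'Running') -or
                 ((-not $Required) -and ($state -eq 'NotInstalled'))
    }
}

$results = @()
$results += $required | ForEach-Object { Test-VaultService -DisplayName $_ -Required $true }
$results += $optional | ForEach-Object { Test-VaultService -DisplayName $_ -Required $false }

# The Vault server is expected to be in a workgroup, not joined to a domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$membership = if ($cs.PartOfDomain) { "Domain: $($cs.Domain)" }
              else { "Workgroup: $($cs.Workgroup)" }
$results += [pscustomobject]@{
    Check  = 'Workgroup membership'
    State  = $membership
    Passed = -not $cs.PartOfDomain
}

$results | Format-Table -AutoSize
# A non-zero exit code lets a scheduled task or monitoring job flag the failure.
if ($results.Passed -contains $false) { exit 1 }
```

The presence of the three Safes still has to be confirmed by logging in to the CyberArk Client, as the second bullet says.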

Submitted By : Shakya Swasti Mohanty
