Imprivata Privileged Access Management Product Update 2.3.201910202213
October 20, 2019
PAM Update: Added video pattern based session initialization and the option to configure SSH Proxy security algorithms
This update adds video pattern-based in-browser session initialization and the option to configure SSH Proxy security algorithms.
Added video pattern stream-based conditional initialization of in-browser sessions to remote computers
The new update adds entropy-based video stream analysis conditions when executing Prologue sequences at the beginning of an in-browser session.
The option is useful to limit session initialization to a certain state of the graphical desktop.
Examples include unlocking screen saver with the password of the current user while preventing the unlock sequence execution in the interactive state.
The other example is to launch a command-line utility on certain devices based on the logo header returned from the remote device.
Use {blobs< NUMBER} or {blobs> NUMBER} as a condition to Prologue sequence with the NUMBER estimating the level of the image traffic sent from the server.
Analyze system log message Prologue Condition check with the actual calculated values to evaluate threshold conditions.
Below is the simple example of a Prologue initialization sequence to launch an ls command in remote sessions with specific types of logo header returned at the beginning of an SSH session:
{blobs>130}->{ENTER},:->lsAdded the option to configure SSH Proxy security algorithms
The new update adds the option to select specific Key Exchange, Message Authentication Code (MACs) and Cipher algorithms used by SSH Proxy client connection.
With the new update, SSH Proxy server will only negotiate the algorithms defined in the configuration when negotiating the protocol with an SSH client.
The update also removes the algorithms that are considered “weak” from the default out of the box configuration.
These algorithms, however, might be added back to support specific clients.
The option improves the security of the SSH Proxy server by forcing it to only negotiate stronger algorithms.
Use the following Global Parameters accessible using Administration / Settings / Parameters screen to configure SSH Proxy algorithms: SSH Proxy Ciphers, SSH Proxy Key Exchange Algorithms, SSH Proxy Macs.
Review context help for these parameters to see the list of all available values as well as the description of the parameters.
