Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/deepthoughts10/statuses/113269372930015799">Brian Clark (deepthoughts10@infosec.exchange)'s status on Tuesday, 08-Oct-2024 11:11:11 JST</a><a href="https://infosec.exchange/@deepthoughts10" title="deepthoughts10@infosec.exchange"><img src="https://gnusocial.jp/avatar/116759-48-20240113200827.webp" width="48" height="48" alt="Brian Clark" style="position: absolute; left: 0; top: 0;">Brian Clark</a><div><a href="https://infosec.exchange/@horse/113268716553078805" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/34501" title="merill@infosec.exchange">Merill #microsoft #azuread :verified: :donor:</a></li></ul></div></section><article><p><a href="https://infosec.exchange/@horse">@horse</a> <a href="https://infosec.exchange/@merill">@merill</a> that's the traditional CyberArk model -- have a handful of highly privileged accounts that authorized users can check out and use for a limited period of time (or use them via a privileged session manager connection through a CA RDP proxy). I've never liked that approach because it makes it harder to correlate administrative actions to a person.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3789742#notice-7417349">In conversation</a><time datetime="2024-10-08T11:11:11+09:00" title="Tuesday, 08-Oct-2024 11:11:11 JST">about 4 months ago</time> <span>from <span><a href="https://infosec.exchange/@deepthoughts10/113269372930015799" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@deepthoughts10/113269372930015799">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Brian Clark (deepthoughts10@infosec.exchange)'s status on Tuesday, 08-Oct-2024 11:11:11 JSTBrian Clark
in reply to
- Jake Hildreth (acorn) :blacker_heart_outline:
- Merill #microsoft #azuread :verified: :donor:
@horse @merill that's the traditional CyberArk model -- have a handful of highly privileged accounts that authorized users can check out and use for a limited period of time (or use them via a privileged session manager connection through a CA RDP proxy). I've never liked that approach because it makes it harder to correlate administrative actions to a person.
In conversationabout 4 months ago from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice