Organizations often manage critical devices running on Linux, Unix, and CISCO IOS which support SSH connections, many of which orchestrate daily business activities. IT teams restrict user access to such devices by granting access to only mission-critical employees. Organizations must enforce granular restrictions that prevent even privileged users from performing unauthorized actions. These actions are executed using SSH commands.
Without SSH command control, administrators have no control over what commands are executed by other privileged users. For example, any user may choose to delete files, remove a critical directory, or access an unauthorized file path at any point in time, and administrators are left with performing damage control due to the lack of a preventive measure.
Using PAM360's SSH command filter, IT admins can create and enforce a list of commands that all or a select few employees can run on resources. At any point, PAM360 will prevent users from running commands that are not part of this list.
Create a set of custom commands that your users can run. You can also instantly import these commands from a CSV file to PAM360. Once added, IT admins can enable command control by associating these command groups with relevant resources. You can also use the default set of allowlist commands suggested by PAM360.
Group multiple commands into a command group to allow-list a bulk list of commands on a resource. IT admins can add new commands or remove existing commands from a command group as and when required.
You can implement granular access restrictions by selectively enforcing command control on a select few user accounts within a resource. This helps teams avoid unwanted access disruptions.
When resources are enabled with access restrictions, PAM360 will display the list of commands allow-listed by admins in a side panel. Users can search for commands relevant to their tasks from this list and use them accordingly.
By default, all IT admin users will have access to a Command Control role. This role will allow them to create commands and command groups, associate command groups with resources and accounts, and enforce command control. You can determine who can and can't enable command control in your organization by customizing the command control roles according to your needs.
View real-time audits on all the critical command control operations performed in PAM360. You can find a report of all the command groups mapped with resources and accounts from the Reports tab.
Whether you wish to restrict access to every employee in your organization, or create a custom restriction for internal or third-party personnel, PAM360's native command control will protect your endpoints.