We are working on common controls for PAM and need an official detailed response to the below control:
Please describe in detail how PAM implements protective features to prevent replay attacks.
Information is required in light of recent exploits of security vulnerabilities in other products.
Release : 3.4
Component : PRIVILEGED ACCESS MANAGEMENT
PAM Product Management provided the following response in late Dec 2020. Details may change in future releases.
Symantec Privileged Access Manager (PAM) is an enterprise application which manages the lifecycle of privileged system credentials and access to those credentials for authorized users and programs.
The PAM application is provided as a secure appliance inclusive of a minimal Linux distribution with encrypted file system, integrated enterprise class database and available FIPS 140-2 encryption module option. Security follows the “defense in depth” approach to minimize attack surface.
Inbound TLS connections to PAM are over HTTPS through port 443 to the secure port forward daemon (spfd). The encryption module in spfd is either OpenSSL or WolfSSL (FIPS Mode). TLS 1.2 with forward secrecy is supported as standard. User connections from the PAM hardened workstation client use a dynamic session ID and timestamp. This combination minimizes the potential of a MIM/replay attack.
System credentials under management by PAM are stored encrypted by an AES 256 symmetric key which can be optionally rotated from time to time as an extra precaution. The database symmetric key is encrypted by a Key-Encryption-Key (KEK) which is generated on initial setup and is individual to each deployment. Symmetric keys are generated using a NIST SP800-90b compliant entropy source when available (Intel CPU supported RDRAND function certified in NIAP Common Criteria https://www.niap-ccevs.org/Product/PCL.cfm?par303=Broadcom%20Corporation ).
For programmatic access to managed target credentials, a hardened client (A2A Client) is installed on the request server where the applications requiring the credentials are installed. Initial authorization of the Client in PAM by the System Administrator is required. On authorization, a unique AES256 symmetric is generated for the A2A client (each client has individual unique key). This key is used to encrypt the payload sent from the PAM server to the A2A client. The payload includes authorization Mappings for applications to gain access to Target credentials. Integrity verification of the requestor (calling application) is handled by validation of the Requestor Hash, the execution path and file path on record. Any changes would result in the credential not being disclosed and a Tamper error logged. The AES symmetric keys can be optionally rotated from time to time as an additional precaution, however, the keys are protected in memory by whitebox techniques to prevent key lifting.
Target credential management in PAM has many options for credential lifecycle policy. This includes the maximum number of days before rotation and ability to change the credential on-use (ie one-time-password) by a Human User or require another user to authorize (dual approver). Credentials that are changed by the system and are known to be used programmatically will be propagated out to the A2A clients having this authorized mapping. The credentials are decrypted from the server database and re-encrypted with the unique key of the A2A client.
User Authentication includes SAML, PIV (HSPD#12), RADIUS and TACACS+"