Have a question? Check these answers.
The GaterZone PAM product is designed to manage privileged access and user accounts within an organization's network. Its main goal is to enhance security against internal and external threats by establishing policies for users and communication protocols. It offers comprehensive features like user and group policy definition, detailed reporting, live session monitoring, and session recording, providing a holistic solution for network administration and security.
GaterZone PAM allows administrators to define "Time Range Policies" which specify the exact timeframes during which users or groups can access resources. These policies can be customized with various recurrence patterns, including once-only, daily, weekly (with specific days and frequency), monthly (by day of the month), and yearly (by month and day). This ensures that privileged access is only granted when needed and within defined schedules.
GaterZone PAM implements "Source IP Policies" to control access based on the originating IP address of the connection. Administrators can create policies to either "Allow" or "Deny" access from specific IP addresses or ranges. These policies can then be linked to access configurations, ensuring that resources are only accessible from trusted or designated network locations, adding an extra layer of security.
The "Applications" feature in GaterZone PAM enables administrators to restrict users to specific applications within an isolated and secure browser environment using container technology. This approach minimizes resource consumption compared to virtual desktop infrastructure (VDI). Administrators can define resources of the "Application" type and grant specific users or roles access to only these designated applications, enhancing security by limiting the attack surface.
GaterZone PAM utilizes a role-based access control (RBAC) system where administrators can define various "Roles" with specific permissions to different parts of the PAM service. These roles determine what users can view, manage, and configure within the system. Examples include an "Authentication Admin" role with full user and user group management capabilities. A single user can be assigned multiple roles to provide the necessary level of access.
The "Resources" section of GaterZone PAM allows administrators to define and manage the target systems (like servers, workstations, network devices) and applications that users will access. When creating a resource, administrators can specify its name, URL (if applicable), IP address, type (Application, Server, Workstation, Network Device), and owner(s). They can also configure allowed IP addresses and specific ports for protocols like RDP and SSH, providing granular control over resource accessibility. Resources can also be organized into "Resource Groups" for easier management and policy application.
GaterZone PAM includes a dedicated "Credentials" section for securely storing and managing authentication information. Administrators can create credential entries with a name, optional domain, username, and the secret type (password or private key). This allows for the centralized management of sensitive credentials used to access target resources, potentially enabling credential vaulting and automated password management workflows.
"Access Policies" in GaterZone PAM define detailed rules governing how users interact with resources. These policies cover general settings like clipboard redirection and idle timeout, application-specific controls such as webcam redirection and resource limits (memory, CPU cores), and protocol-specific settings for SSH (shell access, command execution) and RDP. Administrators can create granular policies to control user behavior and session parameters based on the communication protocol being used.
The GaterZone PAM product is designed for access management, corporate user management, and ensuring corporate network security against current threats by creating policies for users and communication protocols. It offers a complete, fast, and secure solution for managing network administration in various dimensions.
The PAM panel settings are divided into five main categories: Users, Accesses, Connections, Activities, and Policies. Some sources mention six main categories including Dashboard.
The "Time Range Policies" section is located in the "Policies" main category in the PAM panel's side menu.
In the "Time Range Policies" section, you can define time schedules to be used when creating accesses. You can create new time range policies with different formats and patterns and view a list of existing policies with related information.
The list of Time Range Policies displays the name given to each time range, any additional descriptions entered when creating the policy, and the time scale or recurrence pattern. It also includes an "Edit" option for administrators to modify the policy information.
There are five time scale options: Once, Daily, Weekly, Monthly, and Yearly. Each option allows for different levels of recurrence customization, including start and end dates/times, repeat frequency, days of the week, and days/months of the year.
The "Source IP Policies" section is also located under the "Policies" main category in the PAM panel's side menu.
"Source IP Policies" allow you to configure settings to permit or deny access based on IP addresses. You can create lists of allowed or denied IPs with specific names, which can then be used when creating new accesses.
The list displays the name of each Source IP Policy, any additional descriptions, the type of policy (Allow or Deny), the source IPs to which the policy applies, and an "Edit" option for administrators.
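How a Weekly time range policy and a Source IP Policy could combine into a single access decision, as an added example that is not GaterZone code. The class and field names, the both-must-pass rule, the fail-closed handling and the naive (single time zone) timestamps are assumptions; the sample policies are constructed.

```python
from dataclasses import dataclass
from datetime import date, datetime, time, timedelta
from ipaddress import ip_address, ip_network

def _monday(d: date) -> date:
    return d - timedelta(days=d.weekday())

@dataclass(frozen=True)
class WeeklyTimeRange:
    # Hypothetical model of a "Weekly" time range policy (field names assumed).
    start_date: date        # policy is inactive before this date
    weekdays: frozenset     # 0 = Monday ... 6 = Sunday
    every_n_weeks: int      # repeat frequency, 1 = every week
    start: time             # daily window, same-day only (start < end)
    end: time               # exclusive

    def permits(self, when: datetime) -> bool:
        day = when.date()
        if day < self.start_date or day.weekday() not in self.weekdays:
            return False
        weeks = (_monday(day) - _monday(self.start_date)).days // 7
        return weeks % self.every_n_weeks == 0 and self.start <= when.time() < self.end

@dataclass(frozen=True)
class SourceIPPolicy:
    # Hypothetical model of a Source IP Policy; "Allow"/"Deny" are the page's types.
    action: str
    sources: tuple          # single addresses or CIDR ranges

    def permits(self, src: str) -> bool:
        try:
            addr = ip_address(src)
        except ValueError:
            return False    # unparseable source: fail closed
        hit = any(addr in ip_network(s, strict=False) for s in self.sources)
        if self.action == "Allow":
            return hit
        if self.action == "Deny":
            return not hit
        return False        # unknown policy type: fail closed

def access_permitted(tp, ipp, when, src):
    # Both policies must pass; neither one overrides the other.
    return tp.permits(when) and ipp.permits(src)

# Constructed sample policies (addresses from private/documentation ranges).
OFFICE_HOURS = WeeklyTimeRange(date(2024, 1, 1), frozenset(range(5)), 2, time(9), time(17))
ADMIN_NET = SourceIPPolicy("Allow", ("10.20.0.0/24", "10.20.5.7"))
BLOCKED = SourceIPPolicy("Deny", ("203.0.113.0/24",))
```

With a repeat frequency of 2, the week of 8 January 2024 is an off week, so a request at 10:00 on a weekday from an allowed address is still refused.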
The "Applications" section is located under the "Connections" main category in the side menu.
The "Applications" section allows administrators to restrict users to specific applications within their browser in an isolated and secure environment using container technology. This can be a more resource-efficient alternative to VDI.
Applications are typically added during the PAM service setup based on the employer's requests. To add or remove applications after installation, you need to contact Spar company's support team.
The "Roles" section is located under the "Users" main category in the PAM panel's side menu.
This section contains a list of roles and the permissions associated with each role. It shows the access level each role has to different parts of the PAM service and what they can manage and configure.
Yes, it is possible to apply more than one role to a single user.
The "Resources" section is found under the "Accesses" main category. Another source indicates it might be a top-level section.
This section is for creating and configuring servers (Servers) that users can access. It involves setting up the resources needed for user access.
Currently, there are four resource types: Application, Server, Workstation, and Network Device.
The "Resource Groups" section is also located under the "Accesses" main category. Another source indicates it might be a sub-section of Resources.
"Resource Groups" allow you to create groups of different resources to apply the same policies. This section lists created resource groups and provides options to create new ones.
The "Credentials" section is located under the "Accesses" main category. Another source also lists it as a sub-section under Accesses.
This section manages login credentials such as usernames, passwords, and private keys used to access resources. It lists created credentials and allows for the creation of new ones.
The "Access Policies" section is located under the "Policies" main category. Another source also lists it as a sub-section under Policies.
"Access Policies" allow you to define detailed policies related to access, such as session recording, OCR usage, clipboard permissions, DNS server settings, and idle timeout. These policies can be applied to different communication protocols.
"Access" (in the "Accesses" section) defines how and with which protocol a specific user or user group can access a resource. "Access Policy" (in the "Policies" section) manages the general settings for access policies, such as session recording and OCR usage.
The "Accesses" section is one of the five (or six) main categories in the PAM panel. It also has its own sub-section under the main "Accesses" category.
This section is used for access management, where you define which users can access which resources using specific connection protocols and access levels. You essentially authorize how a user or group can connect to a particular resource using a chosen protocol.
There are four authentication methods available: PAM Credential, Saved Credential, Ask, and Ask Password.
The "Dashboard" provides a general overview of the system, including the status of sessions, resources used by the PAM system, and the health status of the services it uses. It may display information about licenses, active sessions, defined resources, storage usage, user counts, and system statistics.
Users can access their profile section by selecting the "Personal Profile" icon located in the top left corner of the screen.
In the User Profile, users can view and adjust their personal information (name, email, description), login and security settings (username, password, 2FA), and manage their public keys.
New users can be created in the "Users" section under the "Users" main category by selecting the "New User" option. You will need to provide a username, password, name, and email, and you can assign roles and user groups.
A user's role determines their access levels within the PAM system. Different roles have different permissions to view and manage various sections and features.
"User Groups" allow you to group users together so that policies, accesses, and resources can be applied to the entire group. This simplifies management by applying settings to multiple users simultaneously.