Introduction

This section describes EPAS operations for audits: configuring targets, setting up audit profiles, and running jobs to generate reports.

Intended Audience

This document is intended for use by regional security management teams and the Security Operations Centre (SOC) responsible for performing password security analysis and taking corrective and remediation actions.

EPAS Operations

EPAS (Enterprise Password Assessment Service) is a service that provides password auditing within an enterprise environment by auditing accounts on different server architectures and operating systems. Auditing passwords consists of three steps: defining a target system to connect to and extract the account profile information from, setting up an audit profile that matches the respective account profile, and finally scheduling an audit job to generate an audit report.

EPAS can audit several types of systems, ranging from Microsoft products to IBM products (iSeries, zSeries, Domino) and other systems such as UNIX-based systems, LDAP directories and the major database backends. The following system types are supported for account profile and password hash extraction:

  • IBM System i - iSeries - AS/400
  • IBM System p - pSeries - RS/6000 AIX [Mass definition possible]
  • IBM System z - zSeries - S/390 z/OS RACF
  • IBM System z - zSeries - S/390 z/VM RACF
  • IBM Lotus Domino Application Server
  • Microsoft Active Directory Accounts
  • Microsoft Windows Local Accounts [Mass definition possible]
  • BSD Operating System [Mass definition possible]
  • Linux Operating System [Mass definition possible]
  • MacOS System Accounts [Mass definition possible]
  • Sun Solaris - SunOS [Mass definition possible]
  • Apache Basic - htpasswd
  • SAP NetWeaver - ABAP AS
  • LDAP Authentication Server
  • Cisco ASA, IOS, NX-OS Accounts [Mass definition possible]
  • Cisco ISE Accounts
  • MSSQL System Accounts [Mass definition possible]
  • MySQL System Accounts [Mass definition possible]
  • Oracle System Accounts [Mass definition possible]
  • PostgreSQL System Accounts [Mass definition possible]
  • Sybase ASE System Accounts [Mass definition possible]
  • MongoDB System Accounts [Mass definition possible]
  • DB2 Database Custom Application
  • Informix Database Custom Application
  • MaxDB Database Custom Application
  • MSSQL Custom Database Application
  • MySQL Database Custom Application
  • Oracle Database Custom Application
  • PostgreSQL Custom Database Application
  • Sybase ASA Database Custom Application
  • Sybase ASE Database Custom Application

EPAS allows system administrators and security officers to assess the status of the passwords inside a corporate environment. The EPAS administrator is able to analyze reports for any password policy violations and/or other inconsistencies, such as weak password allocation, dictionary similarity, and initial passwords.