Shared Administrative

Embedded

Service

Definition:

  • Interactive logins used by humans.
  • Client tools: PuTTY, RDP, SQL Studio, etc.
  • May be used at a physical console.

  • One application connects to another.
  • DB logins, web services, etc.

  • Run service programs with admin or limited rights.
  • Windows requires a password.
  • Scheduled tasks, IIS, DCOM, SCM, etc.

Challenges:

  • Access control.
  • Audit/accountability.
  • Single sign-on.
  • Session capture.

  • Authenticating apps prior to password disclosure.
  • Caching, key management.

  • Avoiding service interruption.
  • Restart service if req'd.