
Download this white paper now and learn how to simplify and protect privileged accounts for Unix & Linux. Download now
Why Unix/Linux Privileged Accounts Are Such a Risk
Many organizations store their most critical applications and most sensitive data on Unix or Linux systems. But these organizations often have difficulty effectively and efficiently securing, controlling and monitoring their privileged accounts and credentials. Unix and Linux “root” accounts are the most powerful accounts, and without a root management and security tool to bring accountability, organizations face a number of security and compliance risks. The consequence is that these accounts and credentials are often left unprotected from malicious and unauthorized users. To protect Unix/Linux accounts and credentials in a uniform and effective manner, organizations must use controls that centrally manage privileged accounts throughout the enterprise, secure and rotate privileged account credentials, proactively secure privileged user sessions and continuously monitor privileged accounts to detect anomalous activity.
5 Steps to Better Manage and Protect Unix & Linux Accounts
Step 1 – Lay a Solid Foundation
An important step is setting up some rules and controls, such as changing default IDs and passwords for privileged accounts and disallowing sharing of these privileged accounts. You should also seek out tools that can help to automate the discovery, security, and protection of your privileged accounts. These tools should allow you to continuously discover privileged accounts, store privileged account passwords in a safe, automatically rotate passwords regularly, and effectively monitor and report on privileged account activity.
Step 2 – Implementation of PAM into Your Environment
During implementation of your PAM strategy, you should strive to limit the rights of your administrators. As mentioned earlier, Unix takes an “all access” approach to administrator permissions. Granting administrators everything they need to do their jobs, but nothing beyond that, will bring order to your PAM solution. Set your PAM solution up to track administrator activity. Many organizations have a system to track what employees are doing, but that tracking often doesn’t include privileged account users. Make sure your solution provides real-time observation of your privileged accounts, creates an audit trail and alerts upper management of problems.
Step 3 – Secure the PAM Solution
Securing your PAM solution can be a huge challenge. However, it is essential to control, protect, and secure your privileged accounts. There are two things that I think are vital to your success. First, you should avoid the use of manual methods for PAM. Manual practices are dangerous and inefficient, and automated PAM software solutions can be installed quickly and managed with minimal effort. By automating your PAM solution, you will save time and money and greatly increase protection of your network. Second, you should choose a partner for your PAM solution. An experienced PAM implementer will help you to effectively and efficiently control access to your sensitive systems and data, comply with policies and regulations, and ultimately make your company safer.
Step 4 – Continuously Improve the Privileged Access Management Solution
One essential aspect at this stage is to ensure that you have ongoing improvement in auditing privileged accounts and demonstrating compliance. Here are a few tips for doing this.
- Audit and analyze privileged account activity to examine how the accounts are being used. This will help you to spot unusual behaviors that may indicate a breach or misuse and to keep track of the root causes of security incidents, as well as demonstrate compliance with policies and regulations.
- Demonstrate compliance with regulations, as PAM security is considered an essential part of any overall cybersecurity protection strategy.
- Keep discovering privileged account changes made in your network in order to maintain the visibility and control necessary to protect your critical information assets.
Next Steps
The problems that arise from uncontrolled access to privileged accounts can result in multimillion-dollar losses for your organization. Privileged access on Unix/Linux systems represents a serious security risk that must be addressed in a thoughtful, practical and balanced manner. There is no silver bullet for IT security, but by following the five modular steps I have outlined in this white paper, your organization can assess its current situation, identify gaps and mitigate the risks involved in providing privileged access. Fortunately, there are powerful, cost-effective solutions readily available to protect your organization.

Derek A. Smith, Founder, National Cybersecurity Education Center
Derek A. Smith is an expert at cybersecurity, cyber forensics, healthcare IT, SCADA security, physical security, investigations, organizational leadership and training. He is currently an IT Supervisor at the Internal Revenue Service. He is also owner of The Intercessors Investigative and Training Group (www.theintercessorgroup.com). Formerly, Derek worked for several IT companies including Computer Sciences Corporation and Booz Allen Hamilton. Derek spent 18 years as a special agent for various government agencies and the military. He is also a cyber security professor at the University of Maryland, University College and Virginia University of Science and Technology and has taught for over 25 years. Derek is retired from the US Army and also served in the US Navy, and Air Force for a total of 24 years. He is completing his Doctorate Degree in Organizational Leadership and has completed an MBA, MS in IT Information Assurance, Masters in IT Project Management, and a BS in Education. Derek has written several books including Cybersense: The Leaders Guide to Protecting Critical Information, and its companion workbook, and he has contributed to several other books as an author and technical adviser.