A Flexible, Simplified Way to Protecting Privileged Accounts in Unix & Linux

July 18, 2017

Privileged accounts, which allow administrators to manage the IT environment, are necessary in just about every enterprise. However, privileged accounts also introduce some serious compliance and security risks to organizations. They are often “all or nothing” types of accounts. For instance, in Unix, a privileged account such as root gives a help desk technician who simply needs to unlock a password full administrative rights, which can be intentionally, or unintentionally, misused. Privileged accounts are more difficult to manage than regular user accounts because many people and systems often share credentials, making it very difficult to secure the credentials, regularly change them, and hold users accountable for their actions when using the credentials.

I’ve written a white paper that will help you to protect your organization by outlining clear, modular steps your organization can take to mitigate the security risks of Unix/Linux privileged accounts, but I’ll summarize the main points here in this blog.

Why Unix & Linux Privileged Accounts Are Such a Risk

Many organizations store their most critical applications and most sensitive data on Unix or Linux systems. But these organizations often have difficulty effectively and efficiently securing, controlling and monitoring their privileged accounts and credentials. Unix and Linux “root” accounts are the most powerful accounts, and without a root management and security tool to bring accountability, organizations face a number of security and compliance risks. The consequence is that these accounts and credentials are often left unprotected from malicious and unauthorized users.

To protect Unix/Linux accounts and credentials in a uniform and effective manner, organizations must use controls that centrally manage privileged accounts throughout the enterprise, secure and rotate privileged account credentials, proactively secure privileged user sessions and continuously monitor privileged accounts to detect anomalous activity.

5 Steps to Better Manage and Protect Unix & Linux Accounts

Step 1 – Lay a Solid Foundation

An important step is setting up some rules and controls, such as changing default IDs and passwords for privileged accounts and disallowing sharing of these privileged accounts. You should also seek out tools that can help to automate the discovery, security, and protection of your privileged accounts. These tools should allow you to continuously discover privileged accounts, store privileged account passwords in a safe, automatically rotate passwords regularly, and effectively monitor and report on privileged account activity.

Step 2 – Implementation of PAM into Your Environment

During implementation of your privileged access management (PAM) strategy, you should strive to limit the rights of your administrators. As mentioned earlier, Unix takes an “all access” approach to administrator permissions. Granting administrators everything they need to do their jobs, but nothing beyond that, will bring order to your PAM solution.

Set your PAM solution up to track administrator activity. Many organizations have a system to track what employees are doing, but that tracking often doesn’t include privileged account users. Make sure your solution provides real-time observation of your privileged accounts, creates an audit trail and alerts upper management to problems.

Step 3 – Secure the PAM Solution

Securing your PAM solution can be a huge challenge. However, it is essential to control, protect, and secure your privileged accounts. There are two things that I think are vital to your success.

First, you should avoid the use of manual methods for PAM. Manual practices are dangerous and inefficient, and automated PAM software solutions can be installed quickly and managed with minimal effort. By automating your PAM solution, you will save time and money and greatly increase protection of your network.

Second, you should choose a partner for your PAM solution. An experienced PAM implementer will help you to effectively and efficiently control access to your sensitive systems and data, comply with policies and regulations, and ultimately make your company safer.

Step 4 – Continuously Improve the Privileged Access Management Solution

One essential aspect at this stage is to ensure that you have ongoing improvement in auditing privileged accounts and demonstrating compliance. Here are a few tips for doing this.
  • Audit and analyze privileged account activity to examine how the accounts are being used. This will help you to spot unusual behaviors that may indicate a breach or misuse and to keep track of the root causes of security incidents, as well as demonstrate compliance with policies and regulations.
  • Demonstrate compliance with regulations, as PAM security is considered an essential part of any overall cybersecurity protection strategy.
  • Keep discovering privileged account changes made in your network in order to maintain the visibility and control necessary to protect your critical information assets.

Step 5 – Integrating PAM with Your Existing Unix & Linux Security Controls

The final step consists of integrating all you have built into your current environment. PAM is just one essential component in your overall strategy, and integrating it as part of the broader category of Identity and Access Management (IAM) ensures that your privileged accounts will be kept as secure as possible. A good PAM solution will also improve insights into vulnerability assessments, IT network inventory scanning, virtual environment security, identity governance and administration, and behavior analytics.
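
The continuous discovery that Step 1 and Step 4 call for can begin with the local account databases. The following shell script is an added example, not taken from the white paper or from any BeyondTrust product: it lists root-equivalent and admin-group accounts from passwd- and group-format files and reports anything that is not in a saved baseline. The function names, the `sudo` and `wheel` group names, and the sample data are assumptions constructed for illustration, and sudoers rules are not parsed.

```shell
#!/bin/sh
# Added example: list root-equivalent and admin-group accounts, then diff
# against a baseline. Admin group names are an assumption; adjust per distro.
LC_ALL=C; export LC_ALL            # stable ordering for sort and comm
ADMIN_GROUPS="sudo wheel"

# list_privileged PASSWD_FILE GROUP_FILE -> sorted "account<TAB>reason" lines
list_privileged() {
    {
        # Any account with UID 0 is root-equivalent, whatever its name.
        awk -F: '$3 == 0 { print $1 "\tuid0" }' "$1"
        for g in $ADMIN_GROUPS; do
            # Supplementary members listed in field 4 of the group entry.
            awk -F: -v g="$g" '$1 == g && $4 != "" {
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) print m[i] "\tgroup:" g
            }' "$2"
            # Accounts whose primary GID is the admin group.
            gid=$(awk -F: -v g="$g" '$1 == g { print $3; exit }' "$2")
            if [ -n "$gid" ]; then
                awk -F: -v gid="$gid" -v g="$g" \
                    '$4 == gid { print $1 "\tgroup:" g }' "$1"
            fi
        done
    } | sort -u
}

# new_since_baseline BASELINE CURRENT -> findings that appeared since baseline
new_since_baseline() {
    comm -13 "$1" "$2"
}

# Constructed sample data: a second UID 0 account and a primary-GID sudo member.
demo() {
    d=$(mktemp -d)
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:spare root:/root:/bin/sh
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:27::/home/bob:/bin/bash
EOF
    cat > "$d/group" <<'EOF'
sudo:x:27:alice
wheel:x:10:
EOF
    printf 'alice\tgroup:sudo\nroot\tuid0\n' > "$d/baseline"
    list_privileged "$d/passwd" "$d/group" > "$d/current"
    new_since_baseline "$d/baseline" "$d/current"
    rm -rf "$d"
}
demo
```

On a live host the same functions can be pointed at `/etc/passwd` and `/etc/group`, with the previous run's output kept as the baseline.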

Next Steps

The problems that arise from uncontrolled access to privileged accounts can result in multimillion-dollar losses for your organization. Privileged access on Unix/Linux systems represents a serious security risk that must be addressed in a thoughtful, practical and balanced manner. There is no silver bullet for IT security, but by following these five modular steps I have outlined in this white paper, your organization can assess its current situation, identify gaps and mitigate the risks involved in providing privileged access. Fortunately, there are powerful, cost-effective solutions readily available to protect your organization.

Derek A. Smith

Founder, National Cybersecurity Education Center

Derek A. Smith is an expert at cybersecurity, cyber forensics, healthcare IT, SCADA security, physical security, investigations, organizational leadership and training. He is currently an IT Supervisor at the Internal Revenue Service. He is also owner of The Intercessors Investigative and Training Group (www.theintercessorgroup.com). Formerly, Derek worked for several IT companies including Computer Sciences Corporation and Booz Allen Hamilton. Derek spent 18 years as a special agent for various government agencies and the military. He is also a cyber security professor at the University of Maryland, University College and Virginia University of Science and Technology and has taught for over 25 years. Derek is retired from the US Army and also served in the US Navy, and Air Force for a total of 24 years. He is completing his Doctorate Degree in Organizational Leadership and has completed an MBA, MS in IT Information Assurance, Masters in IT Project Management, and a BS in Education. Derek has written several books including Cybersense: The Leaders Guide to Protecting Critical Information, and its companion workbook, and he has contributed to several other books as an author and technical adviser.
