Seek First to Understand, Then be Understood
Two of the biggest challenges facing enterprises today are the management of security and achieving compliance in an increasingly regulated world. Not surprisingly, the two are often interrelated, since compliance mandates frequently seek to bring regulated businesses to at least a minimum standard of security in order to control risk.
Compliance, however, is not the same as security. We have seen all too many examples where companies are meeting compliance requirements and passing audits, but still end up falling victim to a breach. Effective security will directly support compliance, particularly when the intent of compliance is to foster better security.
Security and Compliance Efforts Shouldn’t Over-index on External Threats
Highly knowledgeable and often highly privileged insiders who 1) have access to the most sensitive IT resources and 2) know how and where to exploit that access can have a vastly disproportionate impact on an organization.
Even if all of your ‘insiders’ can be trusted, almost every breach that originates outside of an organization (the external threat) leverages poorly managed and over-permissioned accounts once the attacker has breached the perimeter.
The Risk to Unix and Linux Systems – Access to Root
In days gone by, Unix and Linux servers – safely tucked away in locked-down datacenters – were viewed to be impervious to such attacks. However, that is simply not the case today. There are as many vulnerabilities reported for Unix and Linux systems as there are for Windows systems, if not more, and this has been the case for years now.
To make matters worse, all Unix and Linux systems share the same Achilles heel: the “root” user account. Root privilege often means the highest and broadest level of control over the most fundamental layer of IT—the operating system itself. Because it grants access to file systems as well as system functionality, the root account presents one of the highest-impact opportunities for exploit, fraud or information theft.
Compounding this risk is the fact that root accounts are typically shared among a group of administrators, which limits the ability to define workable controls on the actions of each individual having root access. It also limits visibility into precisely who did what with root access in any specific case. The integrity of dedicated professionals should be better protected from this risk. This can only be achieved when access and actions can be credibly demonstrated and controlled, with minimal impact on the latitude these professionals need to do their work.
Overcoming the Inherent Risk to Sharing Root Access
What is needed to address the gaps in root access control is a solid foundation of provable controls. Such a solution must:
- Offer tighter granularity of control over who can do what to which systems and under which conditions.
- Provide a higher level of user-specific visibility into all the actions of those with access to root—not just which commands were entered, but outputs and results as well.
- Match controls with assurance that highly sensitive root-level actions are not being abused and are always accompanied by an indelible audit trail.
This level of assurance is, in fact, the only way to demonstrate effective control, and the only way to substantiate compliance.
Solving the Problem
The PowerBroker Server Privilege Management solution closes security gaps by allowing users to run only the commands they need to perform a given task or perform their daily duties. There are multiple capabilities in the solution that enable organizations to achieve a greater level of assurance and control over root privileges on Unix and Linux systems.
- Policy language: A highly flexible policy language offers open-ended possibilities for policy definition, enabling its use across a wide variety of targets and use cases.
- Reporting: PowerBroker offers more complete visibility into actions than commodity alternatives, with more comprehensive and reliable reporting. PowerBroker’s in-depth detail in reporting is enhanced by the ability to report on user entitlements, addressing one of today’s more significant issues for enterprise compliance and control.
- Keystroke logging: Keystroke logging capabilities include the ability to capture all session I/O, including stderr as well as stdout, which reveals the outcomes of actions in addition to commands entered.
- Session replay: PowerBroker’s real-time replay capability enhances visibility with the sequence of events that reveals actions and outcomes more fully.
These capabilities not only support security and compliance requirements, but also aid in root-cause troubleshooting when human actions affect business-critical performance, availability, or resource integrity. PowerBroker complements these values with an advanced search capability that makes that visibility more efficient when it is needed.
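The requirements set out earlier (granular control over who can run what, where and under which conditions; user-specific visibility that includes outputs, not just commands; and an indelible audit trail) together with the keystroke-logging point above about capturing stderr as well as stdout can be illustrated with a small command broker. The following Python is an added example written for this page; it is not PowerBroker code or anything from BeyondTrust. The policy rules, user names, host names, the hour-window condition and the hash-chained log format are all constructed assumptions that stand in for a real policy language and a real audit store.

```python
"""Minimal policy-checked command broker with an attributed, hash-chained
audit trail. Added illustration only; not PowerBroker or BeyondTrust code.
Policy rules, users, hosts and commands below are constructed sample values."""
import hashlib
import json
import subprocess
import time
from dataclasses import dataclass, field

# Constructed sample policy: which users may run which commands on which
# hosts, and under what condition (an allowed hour window). A real policy
# language expresses far more, but the decision has the same shape.
POLICY = [
    {"users": {"alice"}, "hosts": {"db01", "db02"},
     "commands": {"/bin/echo", "/bin/cat"}, "hours": (8, 18)},
    {"users": {"bob"}, "hosts": {"web01"},
     "commands": {"/bin/echo"}, "hours": (0, 24)},
]


@dataclass
class AuditTrail:
    """Append-only records; each one embeds the SHA-256 of the previous record,
    so editing or removing an earlier record breaks the chain and is detectable."""
    records: list = field(default_factory=list)
    last_hash: str = "0" * 64

    def append(self, record: dict) -> dict:
        body = dict(record, prev_hash=self.last_hash)
        digest = hashlib.sha256(
            json.dumps(body, sort_keys=True).encode()).hexdigest()
        body["hash"] = digest
        self.records.append(body)
        self.last_hash = digest
        return body

    def verify(self) -> bool:
        """Recompute the chain; False if any record was altered or removed."""
        prev = "0" * 64
        for rec in self.records:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if body.get("prev_hash") != prev:
                return False
            expected = hashlib.sha256(
                json.dumps(body, sort_keys=True).encode()).hexdigest()
            if expected != rec["hash"]:
                return False
            prev = rec["hash"]
        return True


def authorize(user: str, host: str, argv: list, hour: int) -> bool:
    """True if some rule lets `user` run argv[0] on `host` during `hour`."""
    for rule in POLICY:
        if (user in rule["users"] and host in rule["hosts"]
                and argv[0] in rule["commands"]):
            start, end = rule["hours"]
            if start <= hour < end:
                return True
    return False


def broker_run(user, host, argv, trail, hour=None, runner=subprocess.run):
    """Check policy, run the command only if allowed, and log the decision
    together with return code, stdout AND stderr under the individual user
    (not a shared 'root'). `runner` is injectable so tests need no real binary."""
    if hour is None:
        hour = time.localtime().tm_hour
    entry = {"ts": time.time(), "user": user, "host": host,
             "argv": list(argv), "allowed": authorize(user, host, argv, hour)}
    if entry["allowed"]:
        proc = runner(argv, capture_output=True, text=True)
        entry.update(rc=proc.returncode, stdout=proc.stdout, stderr=proc.stderr)
    return trail.append(entry)


if __name__ == "__main__":
    trail = AuditTrail()
    # Allowed: within hours, permitted command and host; output is captured.
    print(broker_run("alice", "db01", ["/bin/echo", "hello"], trail, hour=10))
    # Denied: bob is not permitted on db01; nothing runs, the denial is logged.
    print(broker_run("bob", "db01", ["/bin/echo", "hello"], trail, hour=10))
    print("chain intact:", trail.verify())
```

Two design points carry over to any real deployment: every record is keyed to the individual who invoked the command rather than to the shared root identity, which is what makes "who did what" answerable, and the record includes the command's stdout and stderr, so an auditor sees the outcome and not only the keystrokes. The hash chain is the simplest form of an indelible trail; a production system would anchor it in append-only storage that the administrators being audited cannot write to.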
The Importance of Enterprise Scale
PowerBroker is designed for the enterprise. It enables users to perform tasks across multiple targets simultaneously, and is readily deployed with rapid time to productivity. Its non-intrusive architecture requires no change to the Unix or Linux kernel, which significantly lowers barriers to deployment. There is no need to shut down servers or force a reboot in order to deploy, which eliminates impact on resource availability.
PowerBroker’s distributed and reliable architecture includes consolidated reporting, which reduces the impact on record-keeping and record-gathering for the enterprise. It integrates with a wide range of enterprise identity management resources, from LDAP, NIS, NIS+ and other identity stores to local accounts, smoothing the ability to correlate actions with individual users, and leveraging resources such as PAM to enforce policy across concurrent sessions.
Native secure remote access capabilities help keep root privilege confidential. Perhaps most valuable to the business and audit professionals directly charged with responsibility for privilege control, its use and reporting capabilities are significantly more intuitive than commodity tools whose functions are often obscure. This enables more actionable visibility for these groups, and eliminates the need for extensive programming expertise on the part of PowerBroker users.
Key to achieving security and compliance objectives on Unix and Linux systems is the ability to control root account access. Enabling that control requires a flexible policy language, deep reporting, session monitoring, and enterprise scale. Use this as a checklist when evaluating solutions to address the challenge of securing Unix and Linux systems.
Paul Harper, Product Manager, BeyondTrust
Paul Harper is product manager for Unix and Linux solutions at BeyondTrust, guiding the product strategy, go-to-market and development for PowerBroker for Unix & Linux, PowerBroker for Sudo and PowerBroker Identity Services. Prior to joining BeyondTrust, Paul was a senior architect at Quest Software/Dell. Paul has more than 20 years of experience in Unix/Linux operations and deployments.