Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Unix & Linux Least Privilege Investment - How to Extend Your Value

June 13, 2017

  • Blog
  • Archive

blog-unix-linux-least-privilege-investment.jpgThis is the final blog in a series that reviews Unix/Linux use cases for least privilege, security and compliance.

In my last blog, I discussed deeper levels of auditing necessary to prevent unwanted changes to Unix/Linux files, scripts and systems in a compliance context. The first blog in the series covered the basics for Unix/Linux security. Since we covered some security and compliance use cases already, the focus of this blog will be primarily focused on use cases that extend the value of your least privilege investment by integrating with other solutions in your security portfolio.

Get all 15 use cases now by downloading this white paper "15 Common Server Privilege Management Use Cases for Unix & Linux" Download now

Achieving Fully Integrated Enterprise Password Management and Least Privilege

For a password storage solution to operate, a second level account (functional account) is required for the safe to be able to drive password changes if the managed account password becomes out of sync or unknown to the safe. This is also true for any application that needs higher privileges, such as scanning tools, automated remote administration, etc. These accounts pose a risk on the target system due to their required privilege level of ‘user password manager’.

By installing PowerBroker for Unix & Linux with PowerBroker Password Safe and adding a simple policy, any user account – even one with extremely limited rights on the target system – can be granted the privileges needed by Password Safe to function. This ensures increased security and tighter compliance by not having accounts with privileges typically required for functional accounts to operate and lowers the attack surface of the given host.

Integrating Privileged Password Management with Command Execution

Sometimes, administrators need to perform an action on a target host that requires the use of an account/password which may not reside on the host itself. Running a command via PowerBroker for Unix & Linux, i.e. pbrun sqlplus, PowerBroker for Unix & Linux can retrieve credentials from a password storage solution for use in the execution of the requested command. This integration ensures that organizations can not only control their privileged credentials but enable very granular command control on target systems once the credential is retrieved.

Consolidating Accounts and Directories to Simplify Access and Reduce Attack Surfaces

When users and administrators need access to a system, a user account needs to be created on each Unix/Linux host to provide system access for the user. Rights for these user accounts are often bloated and clean-up of accounts, along with their associated rights, often goes unchecked when an employee changes roles or leaves an organization. Organizations need a way reduce the number of accounts being created, control which server those consolidated accounts can logon to and what rights that user has after they have been authenticated.

PowerBroker Identity Services, coupled with PowerBroker for Unix & Linux, provides account consolidation along with consolidated system access rights and a least privilege system to control user rights post-logon. A user’s Active Directory group membership can control what servers that user can access and a centralized policy will tightly control and audit a user’s activities during each authenticated session.

As an additional benefit, PowerBroker Identity Services allows users to log onto Unix, Linux, or Mac systems using their Active Directory (AD) usernames and passwords, without requiring additional infrastructure or password synchronization. PowerBroker facilitates migration from multiple authentication mechanisms, identities, and directories to a single Active Directory-based infrastructure for all systems and users. This centralizes control and speeds user onboarding and offboarding.

Next Steps

In this blog series, I have reviewed 11 use cases for taking greater control and improving security on your Unix/Linux systems – everything from the basics, to more advanced use cases to those that extend the value of it. Download the white paper that summarizes these use cases – and more. And as always, if you would like to see the product in action, schedule a one-one-demo today.

Paul Harper

Product Manager, BeyondTrust

Paul Harper is product manager for Unix and Linux solutions at BeyondTrust, guiding the product strategy, go-to-market and development for PowerBroker for Unix & Linux, PowerBroker for Sudo and PowerBroker Identity Services. Prior to joining BeyondTrust, Paul was a senior architect at Quest Software/Dell. Paul has more than 20 years of experience in Unix/Linux operations and deployments.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.