Unix & Linux Privilege Management: Where Do You Start, How Do You Justify?
April 5th, 2017
Unix and Linux hosts are a prime target for would-be hackers and malicious insiders. Why? Because the native tools and available free options to limit access to those systems aren’t military grade. Take sudo for instance. It has to be locally configured and managed on each host. Its policy language and format are hard to read and use. There is no segregation of duties with sudo. You can’t limit access to the file system with sudo. Sudo is command line only. To sum up sudo: It’s hard to use, and it’s not that secure. For an organization looking to better protect their Unix/Linux estate, or maybe take that first painful step away from sudo, you have to be asking, “What’s the alternative?”
In this blog, I’ll give you a framework for evaluating alternatives to sudo. At the end of the day, the objectives for you should be to 1) improve security, 2) simplify the process of proving compliance, and 3) make the lives of your admins easier.
Four Primary Considerations
There are four primary considerations I recommend you make as you look to replace sudo.
- The ability to specify privileges with a high degree of granularity
You should be able to restrict access and available privileged commands for each user by day, date, and/or time, and by the source and/or destination hosts. Consider the benefits of being able to restrict a user who only needs to execute a single privileged command on a few servers on Fridays, for example, as opposed to having to grant that user unrestricted access to an account with unlimited power across hundreds of servers. Sufficient granularity enables your organization to achieve the principles of least privilege and segregation of duties; principles that are required by most security compliance initiatives.
- Support for role-based access control
Role-based access control involves creating roles, specifying privileges for each role, and then assigning users to each role. This is much more efficient and less error prone than manually assigning all privileges to users.
- The ability to restrict and monitor access and changes to system files, directories, and other critical objects
Unauthorized changes to these objects are a common sign of an attack in progress. The best Unix and Linux server privilege management platforms not only enforce access restrictions for these objects with the same granularity discussed above for other privileges, but they also perform file integrity monitoring to detect unexpected changes to files and directories, and immediately report them to administrators for investigation and intervention.
- Constant monitoring and analysis of all log entries
A Unix and Linux server privilege management platform should be able to identify suspicious activity recorded in its logs and act accordingly, such as alerting administrators so they can investigate the activity and intervene if needed.
The True Cost of sudo
When it comes to replacing sudo, the #1 concern is cost. However, if you look deeper into the costs of administration, forensics, business continuity and support, you’ll find that you can’t afford NOT to have a commercial-grade solution.
We talked above about, with sudo, how you must manage each host separately. As an environment scales and becomes more complex, how much more time will admins need to keep up with policy? What about consistency? Wouldn’t systems become siloed? Especially if you have mixed Linux or Unix platforms. Remember, anything manual is prone to error, and errors mean risk. Every organization can benefit greatly from centralization and unified policy. That’s a tangible cost savings.
Forensics & Audits
The cost of forensic investigations can quickly spiral if multiple admins are needed to assist in tracking down logs or session recordings to meet a forensic request or auditor demand. One of the main benefits of a commercial solution is that it centralizes logging and session recording (including indexing) to greatly speed response times to such requests. How much flexibility do you have to scale up beyond the existing Unix/Linux team for reasons like this?
Risk Avoidance & Business Continuity Planning
What is the business cost of a data breach or system downtime? Not what the Ponemon report tells you, but what would it cost the business if a mission-critical Unix/Linux host goes down? With sudo, how quickly could the team troubleshoot and fix the problem? How can that be done without some centralization? Time is money, and I don’t think any business can be down while multiple team members are combing through logs.
Support & Platforms
Commercial solutions offer 24/7 global support and should be able to demonstrate a long track record of successful deployments of all sizes. Also, commercial solutions should have dedicated Unix/Linux experts in-house, and the solutions will support hundreds of Unix/Linux platforms. There would be less of a learning curve vs. an admin trying to do this individually or with sudo.
Checklist of Recommended Capabilities
We’ve taken the 25+ years of experience we have in the Unix/Linux privilege management business and developed an introductory guide for IT and security teams seeking to take greater control over their Unix and Linux estate. Think about the four considerations I noted above, compare that to what you’re getting today with your existing tools, measure the ROI, and then check out this new white paper that includes a checklist of recommended capabilities for simplifying and securing your Unix/Linux environment.
If you have questions about the benefits of using sudo vs. a commercial least privilege solution, BeyondTrust can help! Contact us today!