Superuser accounts are highly privileged accounts primarily used for administration by specialized IT employees. These users/accounts may have virtually unlimited privileges, or ownership, over a system. Superuser account privileges may allow:

Superuser Accounts in Windows, Linux, & Unix/Unix-like Systems

In Windows systems, the Administrator account holds superuser privileges. Each Windows computer has at least one administrator account. The Administrator account allows the user to install software, and change local configurations and settings, and more. Standard users have substantially curtailed privileges, while guest user accounts are generally limited even further, to just basic application access and internet browsing.

In Linux and Unix-like systems, the superuser account, called ‘root’, is virtually omnipotent, with unrestricted access to all commands, files, directories, and resources. Root can also grant and remove any permissions for other users. Mac OS X is Unix-like, but unlike Unix and Linux it is rarely deployed as a server. By default, Mac users run with root access, though, as a best security practice, a non-privileged account should be created and used for routine computing to reduce the potential and scope of privileged threats.

Security Implications of Superuser Accounts

If misused, either in error (e.g. inadvertently deleting an important file or mistyping a powerful command) or with malicious intent, superuser accounts can inflict catastrophic damage on a system or organization.

While most security technologies are developed to protect the perimeter, superusers are already on the inside. Superusers may be able to change firewall configurations, create backdoors, and override security settings, all the while erasing traces of their activity.

Inadequate policies and controls around superuser provisioning, segregation, and monitoring further heighten risks. Database administrators, network engineers, and application developers are frequently given full superuser access. Users often share superuser accounts between them, which muddles the audit trail. In the case of Windows PCs, users often log in with administrative account privileges—far broader than what is needed.

In one of the more notorious tales of a rogue insider, Edward Snowden, an IT contract worker for the NSA, abused his superuser privileges to access, copy, and leak over 1 million highly sensitive NSA files. In the wake of this scandal, the NSA targeted 90% of its system administrators for elimination, to better establish a least-privilege security model.

Hackers covet superuser accounts knowing that, once they assume one, they essentially become a highly privileged insider. Additionally, malware that infects a superuser account can leverage the same privilege rights of that account to cause damage and steal data.
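The paragraphs above note that extra superuser accounts and shared logins muddle the audit trail. The following POSIX shell script is an added example (not code from the original article or from any vendor it describes) that audits a snapshot of `/etc/passwd` and `/etc/group` for every account with UID 0 and for members of the `sudo` and `wheel` groups, flagging any UID-0 account other than `root`. The passwd and group contents below are constructed sample data; on a real host you would pass `"$(cat /etc/passwd)"` and `"$(cat /etc/group)"` instead.

```shell
#!/bin/sh
# Added example: audit a passwd/group snapshot for superuser accounts.
# The two samples below are constructed for this demo, not taken from a real host.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second superuser:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
ops:x:1001:1001:shared ops login:/home/ops:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin'

SAMPLE_GROUP='root:x:0:
sudo:x:27:alice,ops
wheel:x:10:'

# uid0_accounts: print every login name whose numeric UID is 0.
# Any such account has the full power of root, whatever it is called.
uid0_accounts() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 { print $1 }'
}

# sudo_members: print members of the sudo and wheel groups, one per line.
# These accounts can escalate to root through sudo on typical distributions.
sudo_members() {
    printf '%s\n' "$1" | awk -F: '$1 == "sudo" || $1 == "wheel" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }'
}

# extra_uid0_count: number of UID-0 accounts other than root.
# Any value above 0 means root privilege is held under a second name, so
# actions in the audit trail can no longer be tied to a single account.
extra_uid0_count() {
    uid0_accounts "$1" | awk '$1 != "root" { c++ } END { print c + 0 }'
}

# audit_superusers PASSWD_TEXT GROUP_TEXT
# Prints a summary and returns 1 when a UID-0 account other than root exists.
audit_superusers() {
    passwd_text=$1
    group_text=$2
    status=0
    echo "UID-0 accounts:"
    uid0_accounts "$passwd_text" | sed 's/^/  /'
    if [ "$(extra_uid0_count "$passwd_text")" -gt 0 ]; then
        echo "  FINDING: UID 0 is held by an account other than root"
        status=1
    fi
    echo "sudo/wheel members:"
    sudo_members "$group_text" | sed 's/^/  /'
    return $status
}

# Run against the constructed sample; the '||' keeps the script's own exit
# status clean when a finding is reported.
audit_superusers "$SAMPLE_PASSWD" "$SAMPLE_GROUP" || echo "Review the findings above."
```

Against the constructed sample the audit reports `toor` as a second UID-0 account and lists `alice` and `ops` as sudo members; the shared `ops` login is exactly the kind of account the article says blurs accountability, and the UID-0 finding is what a periodic check of `/etc/passwd` should alert on.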

How to Secure & Monitor Superuser Accounts

Organizations looking to rein in and protect superuser accounts will implement some or all of the following best practices:

Technologies for Managing/Securing Superusers

Privilege Access Management (PAM), also called Privileged Identity Management (PIM) or just Privilege Management, involves the creation and deployment of solutions and strategies to manage superuser and other types of privileged accounts across an environment. PAM solutions: