If you look at the security breaches that have been in the news almost weekly over the past several months, they all have one thing in common — someone was able to get their hands on stuff they should not have been able to access and were able to do lots of damage acting as a “superuser.” Ask yourself, how much damage could someone do to your employer if they got hold of your corporate credentials? Probably not that much. Maybe they could pretend to be you and request changes to your organization’s website, or they could blog as you and say mean things about your boss. Or they could send out a companywide email full of slanderous gossip… But none of those would bring your employer to its knees.
Download and read “Identity and Access Management for the Real World: Privileged Account Management” to learn about a unified, real-world approach to privileged management.
Now ask yourself: what if I was a system administrator and I had access to the root account on a critical server that housed all of our customer data, or maybe the secret design plans for our next revolutionary IAM solution? And what if one of those bad guys was able to get hold of that type of access? A breach like that could have you acting out the famous scene from “Ghostbusters”: “A disaster of Biblical proportions… Fire and brimstone coming down from the skies! Rivers and seas boiling! Forty years of darkness! Earthquakes, volcanoes… The dead rising from the grave! Human sacrifice, dogs and cats living together… Mass hysteria!” Okay, maybe not that bad, but you get the point.
Here are four reasons why privileged accounts are security threats:
- They are all powerful — with these accounts, you can do everything and anything you want on the system (including modifying logs to cover your tracks)
- They are anonymous — it is a system account and not tied to an individual; so, if someone does something bad, all you know is “root” did it, not who was using root at the time
- They are shared — most of the time, for efficiency’s sake, the administrative password is given to everyone who might ever need to use it, and that privileged group can be a handful of people or hundreds
- They are hard to monitor — natively, most systems provide no means for watching what is done with these all-powerful credentials, and if you do find something amiss, it’s tough to narrow it down to the individual
But there is hope: watch this privilege management video to learn more. Technologies exist that can overcome all of these shortcomings, and most organizations are using one or more of them. But therein lies the problem… How disjointed are the solutions being used, and what’s falling between the cracks? Here are a few videos that talk about some of these solutions:
- Privileged Password Manager product overview
- Real-world Identity and Access Management for Unix systems
- Replace Hard-Coded Passwords with API Calls using Dell One Privileged Password Manager
If you read any of the previous “Identity and Access Management for the Real World” chapters, you know that I am on this soapbox about unifying, simplifying, and implementing IAM solutions with an ideal end state in mind. My mantra is “future-proof your IAM, so you don’t have to keep going back to the well.” This is just as true for privileged account management as it is for access management and identity governance. This video offers a nice overview of how to control superuser permissions.