Protecting Privileged Accounts in Unix & Linux

A Flexible, Simplified Way to Protect Privileged Accounts in Unix & Linux

Privileged accounts that allow administrators to manage the IT environment are required in just about every enterprise.  But privileged accounts also introduce serious compliance and security risks to organisations.  They are often “black or white” accounts: in Unix, for instance, a privileged account such as root grants a technician who simply needs to unlock a password full administrative rights, which can be misused, intentionally or unintentionally.

Privileged accounts are more difficult to manage than regular user accounts because many people and systems often share the credentials, making it very difficult to secure them, to change them regularly, and to hold users accountable for their actions when using them.  A BeyondTrust white paper helps by outlining clear, modular steps your organisation can take to mitigate the security risks of Unix/Linux privileged accounts.  The summary follows!

Why Unix and Linux Privileged Accounts Present Such a Risk

Many organisations store critical applications and sensitive data on Unix or Linux systems.  But the privileged accounts and credentials on these systems are typically difficult to secure, control and monitor.  Unix and Linux “root” accounts are the most powerful accounts, and without a root management and security tool to bring accountability, organisations face a number of security and compliance risks.  As a result, these accounts and credentials are often left unprotected against malicious and unauthorised users.  To protect Unix/Linux accounts and credentials in a uniform and effective manner, best practice is to use controls that centrally manage privileged accounts throughout the enterprise, secure and rotate privileged account credentials, proactively secure privileged user sessions, and continuously monitor privileged accounts to detect anomalous activity.


Five Steps to Better Manage and Protect Unix & Linux Accounts

Step 1 – Lay a Solid Foundation

An important step is setting up some rules and controls, such as changing default IDs and passwords for privileged accounts and disallowing sharing of these privileged accounts.

You should also seek out tools that can help to automate the discovery, security, and protection of your privileged accounts.  These tools should allow you to continuously discover privileged accounts, store privileged account passwords in a safe, automatically rotate passwords regularly, and effectively monitor and report on privileged account activity.
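As an added illustration of the discovery part of Step 1 (this is example code, not BeyondTrust's or the white paper's), the script below reads the three places a Unix account acquires privilege, /etc/passwd, /etc/group and sudoers, and lists who holds it: extra UID-0 accounts, members of admin groups, and sudoers rules that grant ALL (flagging NOPASSWD). The admin group names in ADMIN_GROUPS and the three sample inputs are assumptions constructed for the example.

```python
"""Privileged-account discovery over Unix account databases (added example,
not BeyondTrust's code). Reports UID-0 accounts, admin-group members and
sudoers rules granting ALL. The three inputs below are constructed samples."""
import re
ADMIN_GROUPS = {"wheel", "sudo", "admin"}  # assumed admin group names
PASSWD = """root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
ops:x:1003:1003:shared ops login:/home/ops:/bin/bash
"""
GROUP = """root:x:0:
wheel:x:10:alice
sudo:x:27:alice,bob
"""
SUDOERS = """# constructed sample sudoers
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
ops ALL=(ALL) NOPASSWD: ALL
bob ALL=(root) /usr/bin/systemctl restart nginx
"""
# sudoers rule shape: user host=(runas) [TAG:]... commands
SUDO_RULE = re.compile(r"^(?P<who>%?\S+)\s+\S+\s*=\s*(\([^)]*\))?\s*"
                       r"(?P<tags>(?:\w+:\s*)*)(?P<cmds>.+)$")

def uid_zero_accounts(passwd_text):
    """Every UID-0 account is root under another name."""
    rows = (line.split(":") for line in passwd_text.splitlines() if line)
    return sorted(f[0] for f in rows if f[2] == "0")

def admin_group_members(group_text):
    """Map user -> sorted admin groups that grant that user privilege."""
    members = {}
    for line in filter(None, group_text.splitlines()):
        name, _, _, mems = line.split(":", 3)
        if name in ADMIN_GROUPS and mems:
            for user in mems.split(","):
                members.setdefault(user, set()).add(name)
    return {u: sorted(g) for u, g in sorted(members.items())}

def unrestricted_sudo_rules(sudoers_text):
    """(principal, nopasswd) for every rule whose command list is ALL."""
    found = []
    for line in sudoers_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line or line.startswith("Defaults"):
            continue
        m = SUDO_RULE.match(line)
        if m and m.group("cmds").strip() == "ALL":
            found.append((m.group("who"), "NOPASSWD" in m.group("tags")))
    return found
```

Run against the real files on a host, the same three functions give the inventory that a password safe or rotation job needs as input; the shared "ops" login with a NOPASSWD ALL rule is exactly the kind of finding Step 1 says to eliminate.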

Step 2 – Implementation of PAM into Your Environment

During implementation of your PAM strategy, you should strive to limit the rights of your administrators. As mentioned earlier, Unix takes an “all access” approach to administrator permissions.  Granting administrators everything they need to do their jobs, but nothing beyond that, will bring order to your PAM solution.

Set your PAM solution up to track administrator activity. Many organizations have a system to track what employees are doing, but that tracking often doesn’t include privileged account users. Make sure your solution provides real-time observation of your privileged accounts, creates an audit trail, and alerts upper management of problems.

Step 3 – Secure the PAM Solution

Securing your PAM solution can be a huge challenge. However, it is essential to control, protect, and secure your privileged accounts. There are two things that I think are vital to your success.  First, you should avoid the use of manual methods for PAM.   Manual practices are dangerous and inefficient, and automated PAM software solutions can be installed quickly and managed with minimal effort. By automating your PAM solution, you will save time and money and greatly increase protection of your network.

Second, you should choose a partner for your PAM solution.  An experienced PAM implementer will help you to effectively and efficiently control access to your sensitive systems and data, comply with policies and regulations, and ultimately make your company safer.

Step 4 – Continuously Improve the Privileged Access Management Solution

One essential aspect at this stage is to ensure that you have ongoing improvement in auditing privileged accounts and demonstrating compliance. Here are a few tips for doing this.

  • Audit and analyze privileged account activity to examine how the accounts are being used. This will help you to spot unusual behaviors that may indicate a breach or misuse, to keep track of the root causes of security incidents, and to demonstrate compliance with policies and regulations.
  • Demonstrate compliance with regulations, as PAM security is considered an essential part of any overall cybersecurity protection strategy.
  • Keep discovering privileged account changes made in your network in order to maintain the visibility and control necessary to protect your critical information assets.

Step 5 – Integrating PAM with Your Existing Unix/Linux Security Controls

The final step consists of integrating all you have built into your current environment.  PAM is just one essential component in your overall strategy and integrating it as part of the broader category of Identity and Access Management (IAM) ensures that your privileged accounts will be kept as secure as possible.  A good PAM solution will also improve insights into vulnerability assessments, IT network inventory scanning, virtual environment security, identity governance, and administration and behavior analytics.

Next Steps

The problems that arise from uncontrolled access to privileged accounts can result in multimillion dollar losses for your organization. Privileged access on Unix/Linux systems represents a serious security risk that must be addressed in a thoughtful, practical and balanced manner. There is no silver bullet for IT security, but by following these five modular steps I have outlined in this white paper, your organization can assess its current situation, identify gaps and mitigate the risks involved in providing privileged access.  Fortunately, there are powerful, cost-effective solutions readily available to protect your organization.
