Can They Access Sensitive Data?
Businesses are facing unique challenges related to “privileged accounts,” accounts that are built into applications or systems with privileges that normal users do not have. Privileged accounts can also be created by administrators to manage specific applications, run services, execute tasks, and control file systems. Such privileged accounts are necessary for day-to-day operations in environments containing Windows domain-joined systems, standalone Windows machines, and UNIX or Linux infrastructure. These accounts become particularly important when they can be used to access sensitive data.
One of the major, frequent challenges of working with privileged accounts centers on identifying them. Larger environments can often lose track of where privileged accounts even exist. Imagine some built-in account with privileges that has never once had its password changed, only because administrators have lost track of it. Forbes Magazine recently recognized this issue in an article, stressing the importance of simply identifying which accounts are privileged and where the accounts are used. Once privileged accounts are identified, you can begin searching for potentially toxic conditions like stale accounts, password compliance issues, excessive account access to resources, and over-use of such accounts outside the scope of their intended purposes, like accessing sensitive data!
So, how do you get started identifying privileged accounts? You first need to discover and evaluate all accounts with access to Windows servers or to UNIX/Linux systems. While Windows privileged accounts are often located in an administrative group on a local system, UNIX and Linux have no single, universal definition of “privileged” for users that possess root access. So all accounts need to be identified and then classified as “privileged” when they meet specific criteria. You must generate a clean map of all access to Windows and UNIX/Linux resources before you can accurately evaluate and remediate issues of improper access in the environment.
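The discover-then-classify step for UNIX/Linux, as an added example that is not part of the original post or of any vendor tool. The criteria used here (UID 0, a sudoers grant to the user or to one of the user's groups, and a password older than 365 days) and all account data are assumptions constructed for illustration.

```python
# Constructed sample data in passwd, group, sudoers and shadow formats.
PASSWD = """root:x:0:0:root:/root:/bin/bash
toor:x:0:0:legacy admin:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
svc_backup:x:998:998:Backup:/var/lib/backup:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin"""
GROUP = """root:x:0:
sudo:x:27:alice
users:x:100:alice,bob"""
SUDOERS = """root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
svc_backup ALL=(root) NOPASSWD: /usr/bin/rsync"""
# Third shadow field = day of last password change (days since 1970-01-01).
SHADOW = """root:*:19700:0:99999:7:::
toor:*:12000:0:99999:7:::
alice:*:19800:0:99999:7:::
svc_backup:*:15000:0:99999:7:::"""
TODAY = 19900  # constructed "current day" so the result is reproducible

def rows(text):
    """Split colon-delimited records, skipping blanks and comments."""
    return [l.split(":") for l in text.splitlines() if l.strip() and not l.startswith("#")]

def classify(passwd, group, sudoers, shadow, today, max_age=365):
    """Return {account: [reasons]} for accounts meeting the assumed criteria."""
    members = {g[0]: set(g[3].split(",")) for g in rows(group)}
    gid_name = {g[2]: g[0] for g in rows(group)}
    # Simplified sudoers parse: first token is a user or %group; no aliases/includes.
    grants = {l.split()[0] for l in sudoers.splitlines()
              if l.strip() and not l.lstrip().startswith(("#", "Defaults"))}
    changed = {s[0]: int(s[2]) for s in rows(shadow) if s[2].isdigit()}
    report = {}
    for name, _, uid, gid, *_ in rows(passwd):
        in_groups = {g for g, m in members.items() if name in m} | {gid_name.get(gid)}
        reasons = ["uid 0"] if uid == "0" else []
        reasons += [f"group {g}" for g in sorted(in_groups - {None}) if "%" + g in grants]
        if name in grants:
            reasons.append("sudoers entry")
        # Only accounts already classified as privileged are checked for an old password.
        if reasons and name in changed and today - changed[name] > max_age:
            reasons.append(f"password older than {max_age} days")
        if reasons:
            report[name] = reasons
    return report

if __name__ == "__main__":
    for account, why in classify(PASSWD, GROUP, SUDOERS, SHADOW, TODAY).items():
        print(f"{account}: {', '.join(why)}")
```

On a real host the four inputs would come from the system's own account databases and sudoers configuration, read with appropriate privileges; the second UID 0 account and the service account with an old password are the kind of forgotten entries the inventory is meant to surface.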
When used improperly or maliciously, privileged accounts represent a significant security threat to your business, often exposing sensitive data and damaging an organization’s reputation. Take the first step towards preventing improper use of privileged accounts by identifying which accounts are privileged and where they are being used with our free Local Administrator Trial.
Brad Bussie is an award-winning, fifteen-year veteran of the information security industry. He holds an undergraduate degree in information systems security and an MBA in technology management. Brad possesses premier certifications from multiple vendors, including the CISSP from ISC2. He has a deep background architecting solutions for identity management, governance, recovery, migration, audit, and compliance. Brad has spoken at industry events around the globe and has helped commercial, federal, intelligence, and DoD customers solve complex security issues.