Skeeter Spray is a blog for the common Information Security Professional. Why Skeeter Spray? See Post #1

Saturday, June 29, 2013

Controlling Privileged Access

First, I define privileged access as anything above what the standard user would get?  How do you control privileged access?   Do you allow your Linux system administrators to have the root password?   Do you Windows administrators have the password for a system account with admin privileges?  Or maybe they have domain admin rights assigned to their personal account.

A while back I attended a presentation about for a product that stores the passwords for accounts…the assumption is that all privileged accounts would be stored in this solution along with the passwords.  This system is also capable of being integrated with AD and your ticketing system so when a user needed the password, the system would check to make sure there is a valid ticket (incident or change request) and that the requestor is also in the right AD group.  This security solution will also change the password after a set amount of time from when the password was retrieved.   This would seemingly prevent the user from reusing the password for an unlimited about of time.

While I can see why management and Internal Audit would love this solution….on the surface it meets the compliance requirements for controlling access and assists with the change management process.  This system is also very useful in storing passwords that don’t get used very often, thus making sure they are available in a business continuity situation.   However, does it help a company be secure or does it give a false sense of security?    

What are the actual actions performed when the password is retrieved?   The IT guy could retrieve the password and make any change under the guise of whatever the Incident or Change ticket talked about.   Every environment has those system accounts where the password is never changed.  These accounts tend to have a high level of privileges and everyone on the team knows the password….so no trouble ticket is required to use these accounts.   I could go on and on, but you get the point.

What is the solution?  So will argue that the administrators need admin privileges all the time….it is their job.   I don’t necessarily disagree with that.   I believe the solution lies in monitoring what the privileged accounts are doing.   Implementing one of the solutions that monitors key folders, directories, and files for access and modification is also needed.   

Until next time…

1 comment:

  1. I believe an alternative solution is to use a privilege management product. All users log on with standard rights and admin rights are automatically applied to the apps that need it when they are run. No need for the user to ever have an admin account/password ever again.