Privileged account passwords for domain admin accounts, root accounts, superuser accounts and more are the preferred targets for hackers these days. Why? Because they give attackers the “keys to the kingdom,” allowing them to gain access to your most sensitive and critical information, resulting in data loss, identity theft and more.
With the daily workloads experienced by many IT groups, it is easy to overlook the effective management of these key accounts. People leave the organisation or contractors finish their work and, despite the very best intentions, their credentials remain active, making it easy for someone to gain unauthorised access. Similarly, security risks can arise within the IT group itself, where a number of staff members have to access particularly secure aspects of the network. Despite the risks involved in distributing these logons, it is not uncommon for unqualified staff to gain access to them.
In many respects, leaving these privileged accounts unmanaged is like having the world’s most secure bank vault but leaving the keys on the table!
There are a number of steps to bring privileged accounts under control, combining internal actions with software that provides an ongoing management platform. Some simple and quick steps can make a significant improvement to security:
Discover and Secure
Deploy a network tool that can identify all active accounts, the access history relating to them and their relevant access levels. Once identified, each account can be validated and either deleted if no longer required or brought into a centralised and secure privileged account management application.
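The validation step described above can be sketched as a triage over a discovery export. This is an added example, not code from Perfekt or Thycotic; the CSV column names, the sample accounts and the 90-day staleness threshold are all assumptions.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample inventory (not real data). The columns are an assumed
# shape for a discovery tool's export: privilege level, state, owner, history.
INVENTORY_CSV = """account,privilege,enabled,owner_status,last_logon
da-jsmith,domain_admin,true,employed,2024-05-28
da-contractor7,domain_admin,true,departed,2024-05-30
root@db01,root,true,employed,2023-11-02
svc-backup,superuser,true,service,
helpdesk-amy,standard,true,employed,2024-06-01
da-oldadmin,domain_admin,false,departed,2022-01-15
"""

PRIVILEGED = {"domain_admin", "root", "superuser"}

def triage(csv_text, today, stale_days=90):
    """Return {account: (action, reason)} for every privileged account."""
    cutoff = today - timedelta(days=stale_days)
    result = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["privilege"] not in PRIVILEGED:
            continue  # standard accounts are out of scope for this pass
        acct = row["account"]
        last = date.fromisoformat(row["last_logon"]) if row["last_logon"] else None
        if row["owner_status"] == "departed":
            # Leaver or finished contractor: no longer required, even if
            # the credential is still being used.
            state = "still enabled" if row["enabled"] == "true" else "disabled"
            result[acct] = ("delete", f"owner departed, account {state}")
        elif last is None or last < cutoff:
            # No recent (or recorded) use: owner must confirm it is needed.
            result[acct] = ("validate", f"no logon within {stale_days} days")
        else:
            result[acct] = ("vault", "in active use")
    return result

if __name__ == "__main__":
    for name, (action, reason) in triage(INVENTORY_CSV, date(2024, 6, 3)).items():
        print(f"{name:16} {action:9} {reason}")
```

An account whose owner has departed but which shows a recent logon, like the constructed `da-contractor7` row, deserves investigation of that access history before it is deleted.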
Enforcing Least Privilege and Application Whitelisting
Removing administrator or superuser privileges from users safeguards employees from malicious software. Application whitelisting allows organisations to analyse software before making it available, and to run it with the minimum privileges needed to perform specific tasks. Checking whether an application comes from a trusted source enhances system security controls and alerts security analysts to suspect requests.
Protecting Password and Privileged Account Access
Implementing effective security controls over these powerful accounts can be the difference between properly defending against a simple perimeter breach and experiencing a cyber catastrophe. Companies should routinely provide suitable training for employees on best practices for password choices. Insecure password habits often occur when a very complex and difficult to remember password is required. Storing passwords in a secure vault and using automated password management software can mean the difference between a single system and user account being compromised and the organisation’s entire computer system being compromised. Organisations need to continuously audit and discover user accounts and applications that provide privileged access, and seek to remove administrator rights where they are not necessary.
Keeping Systems Patched and Up-To-Date
Another key security control focuses on continuous security patching of applications and operating systems. Keeping all application and operating system security updates current will significantly reduce the risks from outside attackers and other malicious intrusions. Minimising privileged credential risk, limiting user privileges, and controlling applications on endpoints and servers will significantly reduce the chance of exploitation of company systems and data.
Ongoing Security and Management
To provide an effective platform to manage these privileged accounts, Perfekt partners with Thycotic, a global leader in IT security that provides protection against cyber and internal attacks. Thycotic’s award-winning Privilege Management Security solution, “Secret Server”, minimises privileged credential risk, limits user privileges and controls applications on endpoints and servers.
Secret Server provides a number of key features for effective account access management both on premise and in cloud environments:
A secure vault and password manager with Active Directory integration
Automatic discovery of local and Active Directory privileged accounts
Automatic password changing for network accounts
Enhanced auditing and reporting
CRM, SAML, HSM integration
Monitoring of keystrokes and activity relating to privileged accounts