By: Divya Bora
August 24, 2021
Best Practices For Privileged Access Management
PRIVILEGED RISKS AND THREATS
Some of the most frequently occurring privilege-related risks and challenges are:
- Risk due to over-provisioning of privileges
Overly restricted privileged accounts can disrupt user workflows, causing frustration and impeding productivity. To avoid this, IT admins have traditionally provisioned end users with a broad set of privileges, and users rarely object to having more than they need. Because an employee's duties change as their role evolves and they take on new responsibilities, they accumulate new privileges while keeping the ones that are no longer used.
All of these unnecessary privileges add up to a bloated attack surface. On Windows, users are often granted local administrator rights by default, well beyond what routine tasks require. Excess privileges increase the damage done by malware installed, or malicious code executed, through web browsing or email attachments: the malware, or the attacker behind it, inherits the full privilege set of the account and can use it to access data or to launch attacks against other hosts and servers from the infected computer.
- Risk due to Hardcoded/embedded credentials
Privileged credentials are commonly used to simplify authentication for application-to-application (A2A) and application-to-database (A2D) communication and access. Developers and administrators often hardcode these passwords in plain text, in a document, a text file, or source code, so that they are readily available when needed. This poses a substantial risk to the organization's network. Applications, network devices, systems, and IoT devices are also commonly shipped and deployed with embedded default credentials that are easily guessed; the defaults are usually published in vendor documentation and can be found on the internet with little effort.
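As an added example (not part of the original article), the following Python script shows the kind of check a practitioner would run against a code base to find the hardcoded, embedded, and default credentials described above. The file contents, key names, and patterns are constructed for illustration; a real scan would walk the repository and apply a larger pattern set.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample files (not taken from any real project). Two of them
# carry the hardcoded and default credentials the article describes; the
# third reads the secret at runtime, which is the pattern we want to keep.
SAMPLE_FILES: Dict[str, str] = {
    "app/settings.py": (
        'DB_HOST = "db.internal"\n'
        'DB_USER = "app_svc"\n'
        'DB_PASSWORD = "Summer2021!"\n'
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
        'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
    ),
    "deploy/db.conf": (
        "[database]\n"
        "url = postgres://app_svc:Summer2021!@db.internal:5432/app\n"
        "admin_user = admin\n"
        "admin_password = admin\n"
    ),
    "app/secure_settings.py": (
        "import os\n"
        'DB_PASSWORD = os.environ["DB_PASSWORD"]  # injected by the vault agent at start-up\n'
    ),
}


@dataclass
class Finding:
    path: str
    line: int
    kind: str
    evidence: str  # masked, so the report itself does not leak the secret


# A secret-bearing key name followed by an assignment and a literal value.
ASSIGNMENT = re.compile(
    r"""(?i)(?:password|passwd|secret|token|access_key|api_key)\w*\s*[:=]\s*["']?([^"'\s]+)"""
)
# Values that reference the environment or a secret store are not literals.
REFERENCE = re.compile(r"(?i)environ|getenv|vault|secretsmanager|\$\{|\(")
# AWS access key IDs have a fixed, recognisable shape.
AWS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
# user:password@host embedded in a connection URL.
URL_CREDENTIAL = re.compile(r"://[^/\s:@]+:[^@\s]+@")
# Well-known vendor defaults (assumed short list for the example).
DEFAULT_CREDS = {"admin", "password", "root", "changeme", "default", "123456"}


def mask(value: str) -> str:
    """Keep two characters so a finding can be located, hide the rest."""
    return value[:2] + "*" * max(len(value) - 2, 0)


def scan_text(path: str, text: str) -> List[Finding]:
    """Scan one file's contents line by line and return every finding."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = ASSIGNMENT.search(line)
        if m and not REFERENCE.search(m.group(1)):
            value = m.group(1)
            kind = ("default credential" if value.lower() in DEFAULT_CREDS
                    else "hardcoded credential assignment")
            findings.append(Finding(path, line_no, kind, mask(value)))
        k = AWS_KEY_ID.search(line)
        if k:
            findings.append(Finding(path, line_no, "AWS access key id", mask(k.group(0))))
        if URL_CREDENTIAL.search(line):
            findings.append(Finding(path, line_no, "credential in connection URL", "user:***@host"))
    return findings


def scan_files(files: Dict[str, str]) -> List[Finding]:
    return [f for path, text in files.items() for f in scan_text(path, text)]


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line}: {f.kind} ({f.evidence})")
```

The secure_settings.py file produces no finding because the value after the assignment is a reference to the environment rather than a literal; that is the shape a fix should take, with the secret supplied at runtime by a vault or the platform rather than committed to the repository.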
- Risk due to lack of visibility into application and service account privilege
Applications and service accounts routinely execute privileged processes automatically to communicate with other services, resources, or applications, or to perform actions on their behalf. These accounts are frequently granted excessive access rights by default and, because they are rarely reviewed, other serious security deficiencies (such as passwords that are never rotated) go unnoticed as well.
- Risk due to lack of visibility and awareness of privileged users, accounts, assets, and credentials
Long-forgotten privileged accounts are the most common form of account sprawl across an organization; in a large enterprise they may number in the thousands or even millions. They act as backdoors for attackers, including former employees who have left the company but can still log in to their old privileged accounts.
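The following Python script is an added example, not part of the original article: it applies the forgotten-account check described above to a constructed account inventory, flagging privileged accounts whose owner has left, that have never been used, or that have been dormant for more than 90 days. The inventory, the 90-day threshold, and the field names are assumptions; a real run would pull the same fields from Active Directory, LDAP, or a cloud IAM API.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, Iterable, List, Optional


@dataclass
class Account:
    name: str
    privileged: bool
    owner: str                  # person or team responsible for the account
    owner_active: bool          # False once the owner has left the organization
    created: date
    last_login: Optional[date]  # None if the account has never been used


# Constructed inventory for illustration; not exported from any real directory.
AS_OF = date(2021, 8, 24)
INVENTORY: List[Account] = [
    # service account still in use, but its owner left the company
    Account("svc_backup", True, "j.doe", False, date(2019, 1, 1), date(2021, 8, 20)),
    # domain admin created for a migration and not used since late 2020
    Account("da_old_migration", True, "m.smith", True, date(2018, 6, 1), date(2020, 11, 2)),
    # admin account provisioned months ago and never logged in
    Account("da_never_used", True, "it-team", True, date(2021, 1, 15), None),
    # healthy privileged account
    Account("da_active", True, "r.kim", True, date(2020, 3, 9), date(2021, 8, 24)),
    # dormant but unprivileged: out of scope for this pass
    Account("a.lee", False, "a.lee", True, date(2017, 5, 30), date(2020, 2, 1)),
]

DORMANT_AFTER = timedelta(days=90)  # assumed review threshold


def audit_privileged_accounts(accounts: Iterable[Account],
                              as_of: date = AS_OF,
                              dormant_after: timedelta = DORMANT_AFTER) -> Dict[str, List[str]]:
    """Return {account name: [reasons]} for every privileged account that needs review."""
    findings: Dict[str, List[str]] = {}
    for acct in accounts:
        if not acct.privileged:
            continue  # this pass is for privileged accounts only
        reasons: List[str] = []
        if not acct.owner_active:
            reasons.append(f"owner {acct.owner} is no longer active")
        if acct.last_login is None:
            # never used: only suspicious once it has existed longer than the threshold
            if as_of - acct.created > dormant_after:
                reasons.append("never used since creation")
        elif as_of - acct.last_login > dormant_after:
            reasons.append(f"dormant for {(as_of - acct.last_login).days} days")
        if reasons:
            findings[acct.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit_privileged_accounts(INVENTORY).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Accounts whose owner has left should be disabled immediately regardless of recent use, since a recent login on such an account is itself the signal that a former employee (or someone with their credentials) still has access.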
- Risk due to shared accounts and passwords
IT teams routinely share root, Windows administrator, and other privileged credentials among staff for convenience and to spread the workload, because a password is trivially easy to pass around. Shared accounts and passwords make it impossible to tie actions performed with an account to a single individual, creating security, compliance, and auditability problems.
- Risk due to manual and/or decentralized credential management
Privileged security controls are often immature. Management of privileged account credentials differs widely across organizational silos, leading to inconsistent enforcement of best practices. Manual privilege management processes cannot scale in IT environments where thousands, or even millions, of privileged account credentials have to be managed. With such a massive number of systems and accounts, people take shortcuts and reuse credentials across multiple accounts and assets. One compromised account then jeopardizes every other account that uses the same credentials.
- Risk due to siloed identity management tools and processes
Modern IT environments run across multiple platforms (Windows, Linux, Mac, Unix), and each is typically maintained and managed separately. This results in inconsistent administration for IT and additional complexity for end users, which in turn increases cyber risk.
IoT, DevOps, and cloud environments present new privileged threat vectors and privilege management use cases:
- The risk associated with IoT Devices
IoT devices come with some critical security issues. Because they are internet-connected, they are prone to device hijacking and denial of service, all the more so when devices are not kept up to date or hardened, which is common for IoT. Data breaches become more likely because a compromised IoT device acts as an entry point into the internal network where sensitive information is stored, especially when default passwords are left in place. Many of these risks stem from improper onboarding of IoT devices into the organization.
- The risk associated with DevOps Environment
A DevOps environment changes quickly and relies heavily on automation, so privileges tend to be granted in a hurry and rarely revisited. The most critical risk in a DevOps environment is poorly allocated resources and privileges for users and automation, which increases the risk to the network.
- The risk associated with Cloud Environment
In a cloud environment, most users have access to multiple instances at any given time, so privileges must be managed very carefully. Privileged user accounts may also be used by insiders to abuse their authorized access for malicious purposes. If cloud credentials are stolen, every instance and service tied to that account may be compromised.
PRIVILEGED THREAT VECTORS
Privileged accounts can be compromised through two types of threat vector:
External threat: An organization's most critical systems and sensitive data can be reached by obtaining a privileged account's credentials, so attackers covet them. With privileged credentials, an attacker effectively becomes an insider, can manipulate or delete logs to avoid detection, and can traverse sensitive resources through the compromised account.
Usually the initial foothold is gained by a low-level technique such as a phishing attack. The attacker then moves laterally through the network to find a dormant account and escalates privileges from there.
Internal threat: Insiders already have access to the organization's network and start inside the perimeter. Because they already know where sensitive assets and data are located, they know how to navigate to them. Insider threats take the longest to detect because they use accounts that are generally trusted by default, which helps conceal malicious intent. The longer discovery takes, the greater the potential damage; insider threats can cause the most catastrophic breaches.
BEST PRACTICES FOR PRIVILEGED ACCESS MANAGEMENT
An overview of the most important PAM best practices:
1. Improve accountability and control over privileged passwords. One of the most logical places to start is to gain control over privileges by improving accountability for privileged passwords across the organization, which reduces security risk and helps meet compliance objectives. Ineffective management of shared accounts increases the organization's exposure.
Systems commonly have embedded or hardcoded passwords, which creates opportunities for attackers to misuse them. These passwords generally provide A2A or A2D access. Because such passwords are mostly static, they need protection. Password rotation as a manual process is unreliable, and auditing or reporting on user access is complex and time-consuming.
So organizations automate password and session management, which provides secure access control, alerting, auditing, and recording for every privileged account.
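To make the check-out, check-in, and rotation cycle concrete, here is an added example in Python (not from the article or any vendor's product) of a minimal vault model: one person holds a privileged account at a time, every action is recorded against that person, and the password is rotated on check-in or when a lease expires, so the value a user saw does not stay valid afterwards. Account names, the lease length, and the audit record format are assumptions.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class Lease:
    account: str
    user: str
    expires: datetime


@dataclass
class AuditEvent:
    when: datetime
    user: str
    account: str
    action: str


class PrivilegedVault:
    """Illustrative vault: exclusive check-out, rotation on check-in or
    expiry, and an audit trail that names the individual, not the shared
    account. Passwords are held in memory only for the sake of the example."""

    def __init__(self, accounts: List[str], lease_ttl: timedelta = timedelta(minutes=30)):
        self._passwords: Dict[str, str] = {a: self._generate() for a in accounts}
        self._leases: Dict[str, Lease] = {}
        self._ttl = lease_ttl
        self.audit: List[AuditEvent] = []

    @staticmethod
    def _generate() -> str:
        return secrets.token_urlsafe(24)  # 192 bits from the OS CSPRNG

    def _log(self, when: datetime, user: str, account: str, action: str) -> None:
        self.audit.append(AuditEvent(when, user, account, action))

    def _rotate(self, account: str, when: datetime) -> None:
        self._passwords[account] = self._generate()
        self._log(when, "vault", account, "password rotated")

    def _expire_leases(self, now: datetime) -> None:
        # A user who never checks in still loses the password: the lease
        # lapses and the account is rotated underneath them.
        for account, lease in list(self._leases.items()):
            if lease.expires <= now:
                del self._leases[account]
                self._log(now, lease.user, account, "lease expired")
                self._rotate(account, now)

    def checkout(self, user: str, account: str, reason: str, now: datetime) -> str:
        self._expire_leases(now)
        if account not in self._passwords:
            raise KeyError(f"unknown privileged account {account}")
        lease = self._leases.get(account)
        if lease is not None and lease.user != user:
            self._log(now, user, account, f"checkout denied, leased by {lease.user}")
            raise PermissionError(f"{account} is checked out by {lease.user}")
        self._leases[account] = Lease(account, user, now + self._ttl)
        self._log(now, user, account, f"checkout: {reason}")
        return self._passwords[account]

    def checkin(self, user: str, account: str, now: datetime) -> None:
        lease = self._leases.get(account)
        if lease is None or lease.user != user:
            raise PermissionError(f"{user} does not hold a lease on {account}")
        del self._leases[account]
        self._log(now, user, account, "checkin")
        self._rotate(account, now)

    def holder(self, account: str, now: datetime) -> Optional[str]:
        self._expire_leases(now)
        lease = self._leases.get(account)
        return lease.user if lease else None


if __name__ == "__main__":
    vault = PrivilegedVault(["root@db01"])
    t0 = datetime(2021, 8, 24, 9, 0)
    vault.checkout("alice", "root@db01", "kernel patch", t0)
    vault.checkin("alice", "root@db01", t0 + timedelta(minutes=10))
    for e in vault.audit:
        print(f"{e.when:%H:%M} {e.account} {e.user}: {e.action}")
```

Because the password changes after every use, the audit trail answers "who had root on db01 at 09:05" with a single name, which a shared static password never can. A production vault would also push the new password to the target system, store it encrypted, and record the session itself.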
2. Implement least privilege and application control for Windows and Mac. The next step is to implement least privilege on all end-user machines, starting with desktops and followed by servers. Some organizations may prioritize servers, depending on the business environment and the risk that comes with it.
IT often restricts end users to meet audit or compliance requirements even though it is a cumbersome process, and then grants local admin rights to the few users whose applications require elevated privileges to run.
The risk of users having excessive privileges is reduced by granting least-privilege access only to approved applications, using rule-based technology to elevate the application's privileges without elevating the user's. Least-privilege policies are simplified by eliminating Windows and Mac admin privileges altogether. This also closes IT security gaps and improves operational efficiency.
3. Leverage application-level risk to make better privilege decisions. Once shared credentials and end-user privileges are being managed, the next step is to understand vulnerabilities well enough to make informed privilege elevation decisions. A PAM solution should synthesize vulnerability and risk information in business context so that management can make those decisions; without that, the security team is left to detect threats and decide how to act on them from huge volumes of data and static reports.
4. Implement least privilege in Unix and Linux. Users may require root passwords, superuser status, or other elevated privileges to perform their tasks, but sharing those privileges leads to intentional, accidental, or indirect misuse by users of Unix and Linux servers.
Organizations can delegate Unix and Linux privileges and authorization without disclosing the root or other account passwords, which limits access to root accounts without hindering productivity. Recording all privileged sessions, including keystrokes, for audit helps meet PAM requirements without relying on sudo or other native tools alone.
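As an added example, not from the original article, the following Python linter checks a constructed sudoers policy for rules that defeat least privilege on Unix and Linux: blanket ALL command grants, passwordless ALL, commands that give a shell escape, wildcard arguments, and the absence of session logging. The policy text, finding codes, and shell-escape list are assumptions, and the parser handles only the plain rule syntax (alias definitions are skipped rather than expanded).

```python
import re
from typing import List, NamedTuple, Set

# Constructed sudoers policy for illustration; not taken from any real host.
SUDOERS = """\
# Constructed sudoers policy for illustration
Defaults    log_output
Defaults    logfile="/var/log/sudo.log"
root        ALL=(ALL:ALL) ALL
%wheel      ALL=(ALL) NOPASSWD: ALL
%dba        db01 = (postgres) /usr/bin/pg_ctl restart -D /var/lib/pgsql/data
%ops        ALL = (root) /usr/bin/vim /etc/hosts
%ops        ALL = (root) /usr/bin/systemctl restart nginx
deploy      web01 = (root) NOPASSWD: /usr/bin/systemctl restart app-*
"""


class Finding(NamedTuple):
    line: int   # 0 for policy-wide findings
    code: str
    message: str


# who host = (runas) TAG: cmd, cmd   (simplified; no line continuations)
RULE = re.compile(
    r"^(?P<who>[^\s=]+)\s+(?P<host>[^\s=]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z_]+:\s*)*)"
    r"(?P<cmds>.+)$"
)
# Programs that hand the caller a shell or arbitrary execution once run as root.
SHELL_ESCAPES = {"sh", "bash", "zsh", "dash", "su", "vi", "vim", "less", "more",
                 "man", "find", "awk", "perl", "python", "python3", "env"}
ALIAS_KEYWORDS = ("User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")


def lint_sudoers(text: str) -> List[Finding]:
    findings: List[Finding] = []
    defaults: Set[str] = set()
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("Defaults"):
            parts = line.split(None, 1)
            if len(parts) == 2:
                defaults.add(parts[1].split("=", 1)[0].strip())
            continue
        if line.startswith(ALIAS_KEYWORDS):
            continue  # simplified linter: aliases are not expanded
        m = RULE.match(line)
        if not m:
            findings.append(Finding(line_no, "UNPARSED", f"could not parse: {line}"))
            continue
        who, tags = m.group("who"), m.group("tags")
        runas = m.group("runas") or "root"  # sudo's default target user
        nopasswd = "NOPASSWD:" in tags
        for cmd in (c.strip() for c in m.group("cmds").split(",")):
            if cmd == "ALL":
                if who != "root":
                    findings.append(Finding(line_no, "ALL_COMMANDS", f"{who} may run any command as {runas}"))
                if nopasswd:
                    findings.append(Finding(line_no, "NOPASSWD_ALL", f"{who} may run any command without a password"))
                continue
            argv = cmd.split()
            prog = argv[0].rsplit("/", 1)[-1]
            if prog in SHELL_ESCAPES:
                findings.append(Finding(line_no, "SHELL_ESCAPE", f"{argv[0]} can spawn a shell as {runas}"))
            if any(ch in cmd for ch in "*?["):
                findings.append(Finding(line_no, "WILDCARD_ARGS",
                                        f"wildcard in '{cmd}' lets the caller choose arguments"))
    if "log_output" not in defaults:
        findings.append(Finding(0, "NO_SESSION_LOG", "Defaults log_output is not set; sessions are not recorded"))
    return findings


if __name__ == "__main__":
    for f in lint_sudoers(SUDOERS):
        print(f"line {f.line}: {f.code}: {f.message}")
```

The %dba and nginx-restart rules pass because each names one binary with fixed arguments and a specific target user; the vim rule fails because an editor running as root can drop to a shell (:!sh), and the app-* rule fails because a wildcard lets the caller append arbitrary arguments to the command. These are exactly the distinctions a delegation tool has to make when it replaces "give them the root password".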
5. Unify management, policy, reporting, and threat analytics under one roof. IT security professionals are overloaded with privilege, vulnerability, and attack data. Advanced persistent threats go undetected because traditional tools cannot combine this data to reveal hidden risk, so an intruder often traverses the network for a long time, increasing the damage. It is advisable to combine PAM and vulnerability management data in one place so that user and asset risk can be analyzed and addressed together.
6. Integrate Unix, Linux, and Mac into Windows. Unix, Linux, and Mac systems are usually treated as standalone systems: each is a silo with its own users, groups, configuration files, access control policies, and passwords. Managing these environments separately is complex and leads to inconsistent IT administration, posing additional risk to the organization.
To achieve consistent policy configuration and meet compliance requirements, centralize authentication for Unix, Linux, and Mac by joining these platforms to Microsoft Active Directory and using its Kerberos authentication and single sign-on capabilities. For centralized configuration management, apply Group Policy to the non-Windows platforms as well.
7. Real-time change auditing and recovery for Windows. With Windows and non-Windows systems integrated into Active Directory, user activity should be audited to gain insight into critical AD changes. Keeping up with AD changes by hand is cumbersome and has security and compliance implications.
Organizations need centralized, real-time change auditing for AD, SQL Server, file servers, NetApp, and Exchange, with the ability to restore AD objects or attributes. This centralization also establishes and enforces entitlements across the Windows infrastructure, simplifies administration, and helps mitigate the risk of undesirable changes.
Privileged Access Management Basics is a course designed to strengthen the basics of Privileged Access Management for beginners. Privileged Access Management Fundamentals provides a complete summary of PAM and will make the topics covered in this article clearer. For an intermediate student, Privileged Access Management is a good place to start.