Hey, everyone, welcome back to the course. So in the last video, we took a look at the introduction to this course. We talked about my background as your instructor. We also talked about some of the prerequisites that would be good for this course, so you could be more successful in taking it.
In this video, we're gonna talk about what privileged access management is. We're also gonna talk about least privilege a little bit.
So what is privileged access management? This is where we're talking about controlling the privileged access or permissions. Well, what do we mean by privileged access? We mean an account that basically has the keys to the kingdom, right? They could do anything that they want to. They can create other users that belong to various systems without any issues.
The overall goal of PAM is ultimately to reduce the attack surface. So as we lock down various accounts, we want to make it more difficult for an attacker to come into our network and move laterally throughout our network.
You may also hear it called PIM, or privileged identity management, and it's all part of the overarching IAM, or identity and access management.
Now, there was a Centrify survey done in 2019 that mentioned roughly 74% of all breaches involved access to a privileged account, which is actually understandable, right? An attacker coming in that steals the guest credentials, or steals the standard user account credentials, is naturally going to try to elevate those privileges to a privileged user account, such as a super user type of account. And they're gonna try to use that to move laterally through the network and get access to various systems.
Now, I like this image by Thycotic here, and I felt I wanted to share it in this course. It really kind of shows a cycle of what happens with our PAM.
So we, of course, need to start off with defining what is an actual privileged user account, right? So what does that mean in our network? Do we have Active Directory? And if so, maybe that's an administrator account for that. Then we need to discover all of the accounts that we have, who has privileged access across the network. We need to manage and protect those accounts, and we also need to remove access for people that don't actually need it. We then need to monitor those accounts to make sure that nobody is escalating their privileges. If we detect something, then from there we can identify it as an incident: hey, this is not a normal use of this. And then from there, once we identify the incident, we respond to it. We clear it up, and then we go into our review and audit phase where we say, well, did we put any steps in place? What did work, what didn't work? We make some adjustments, and then from there we go back into the cycle here. So I wanted to share that image because it really shows us the sort of activities we need to be thinking through as we think of privileged access management.
So when we talk about privileged access management, and we talk about ways to circumvent anyone getting access to our privileged accounts, we need to talk about a concept called least privilege. And really, what that boils down to is we want to give people or systems the minimum necessary access. So as an example, I worked in the past as a nurse for a healthcare company, and then when I transitioned into the IT role over there, one thing that happened is we noticed that the previous IT individuals had basically granted everyone administrative access. So I'm talking about network administrator access, the domain administrator access, where they could basically log into anything. Now, of course, these users didn't understand that they had that access, right? They all just wanted to do their jobs and chart and document on the patients. But they had this access, so we had to go in and remove all that access.
And that's the whole concept of least privilege, right? Because they didn't need all that access. All they needed was access to be able to document the patient vital signs and the other clinical documentation, and to perform some basic things, like launching Word or Excel, browsing the Internet. But they didn't need actual administrator access where they could go and make adjustments on various machines on the network, as well as create different user accounts.
So we're also talking about least privilege for authorized activities, right? So these need to be something that the individual or the system should be doing. We shouldn't be saying, well, yes, I know that you're an accountant, so really, technically, you should have access to these things. Does that person actually need access to those systems?
And usually when we talk about least privilege types of accounts, we're talking about what's called your standard user accounts. So that's just your generalized user account, and sometimes a guest account that might even have less access than the standard one.
So privileged accounts, as we mentioned, what are they? They are the keys to the kingdom, right? So a lot of the time we call them super user accounts, and based off the operating system you're using, you may also refer to it as an administrator account, or even the root account if you're using Linux or Mac.
So some common types are the local admin, and this is what many organizations will give their standard users in some capacity. They'll give them local administrative rights on their local host machine, so their actual machine, and that way they can perform various tasks on there without causing any issues on the network or without having access to anyone else's machines. Now, the domain admin is what I mentioned where you essentially will have the keys to the kingdom, right? You can access all the systems, you can create users, you can also create users in Active Directory, so there's a lot of things that you can do with that type of access. And so again, domain access or domain admin isn't just all the workstations, right? It's also all the servers and everything else.
There's also a type of account out there that's called many different names, usually. So it might be called an emergency account. I think some companies call it a firecall account. Other ones call it breaking the glass or a break-the-glass account. And really, what it is, is that it's an unprivileged user account, like your standard user account, but it has the ability in an emergency to become an admin account, right, like your domain administrator, so that way they could help out to secure the system. So maybe this is an individual in the organization that's what we would call a super user in the healthcare industry. So for example, when I worked in IT healthcare and then some security for healthcare, what we had is we had the super users, so there would be nurses that were a little more technically savvy. We didn't give them administrator access, but we called them super users because in a critical situation where we needed sort of a go-to person to help us recover for that particular nursing department, we would task this individual with that access. So we would train them up. We would basically tell them, once an emergency occurs, we're gonna flip a switch and you'll be an administrator, and these are the things you need to do. So we would run through some exercises, make sure they understood that and had the hands-on experience with that. So that's what I'm talking about there. It's an emergency type of account. It's normally a restricted, you know, standard user account, but in the event of an emergency, we've got the ability to flip a switch, and now they've got admin access to help us out.
We've also got service accounts. So these are gonna be your privileged local or domain accounts, but basically it's gonna be used by an application or a service to interact with the operating system itself. We've got our AD or Active Directory accounts. So this is where we can have administrative access in Active Directory: create users, take away access, grant access, etc. And then we've got our application accounts. These are the ones that are used by things like databases to also run batch jobs or scripts. So there are lots of different types of privileged access there. Probably the most common types that your average user would deal with are going to be the local admin, and then they may be hearing about the domain admin, and they think of that as probably the overall administrator account.
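Added example, not part of the course or the instructor's material: a small least-privilege review over a constructed account inventory. It flags accounts like the nurses described above that hold domain admin rights their role does not need (the "discover" and "remove access" steps of the cycle), and puts approved privileged accounts, including a break-glass account that is enabled outside an emergency, on a watch list for monitoring. The group names, roles and policy table are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Groups treated as privileged: local admin, domain admin and AD admin rights.
PRIVILEGED_GROUPS = {"Administrators", "Domain Admins", "Enterprise Admins"}

# Hypothetical policy: which roles may hold which privileged groups.
ALLOWED_BY_ROLE = {
    "sysadmin": {"Administrators", "Domain Admins"},
    "service": {"Administrators"},     # service accounts get local admin only
    "break_glass": {"Domain Admins"},  # emergency account, normally disabled
}

@dataclass
class Account:
    name: str
    role: str                          # nurse, sysadmin, service, break_glass, guest
    groups: set = field(default_factory=set)
    enabled: bool = True

def review(accounts):
    """Return (violations, watch): violations are accounts holding privileged
    groups their role does not allow (remove under least privilege); watch are
    approved privileged accounts that still need monitoring."""
    violations, watch = [], []
    for acct in accounts:
        held = acct.groups & PRIVILEGED_GROUPS
        if not held:
            continue                   # standard or guest user: nothing to do
        excess = held - ALLOWED_BY_ROLE.get(acct.role, set())
        if excess:
            violations.append((acct.name, sorted(excess)))
        elif acct.role == "break_glass" and acct.enabled:
            watch.append((acct.name, "break-glass account is enabled"))
        else:
            watch.append((acct.name, "approved privileged account"))
    return violations, watch

# Constructed inventory, not real data.
INVENTORY = [
    Account("nurse.jones", "nurse", {"Domain Users", "Domain Admins"}),
    Account("it.patel", "sysadmin", {"Domain Admins", "Administrators"}),
    Account("svc_backup", "service", {"Administrators"}),
    Account("svc_report", "service", {"Domain Admins"}),
    Account("breakglass01", "break_glass", {"Domain Admins"}, enabled=False),
    Account("breakglass02", "break_glass", {"Domain Admins"}),
    Account("guest", "guest", set()),
]
```

Calling `review(INVENTORY)` returns the two accounts to strip (the nurse with domain admin and the service account holding more than local admin) and a watch list that includes the enabled break-glass account.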
So just a quick quiz question here for you: it's important to maintain PAM on administrator accounts, but not super user accounts. Is that true or false?
All right, so that's false, right? It is important, of course, to maintain privileged access management on administrator accounts, but we talked about the fact that super user accounts in most cases are the same thing as administrator or root accounts.
So in this video we talked about what privileged access management actually is. We also talked about the concept of least privilege, and we talked about various administrator types of accounts that have privileged access.
In the next video, we're gonna talk about why privileged access management is actually needed.