How To Manage Privileged Accounts: Security Tips

Strategies to identify, separate, and audit IT administrator accounts can stop insider abuse.

November 7, 2011

2 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Whether you're a company trying to comply with Payment Card Industry (PCI) requirements, an energy utility looking to get a handle on standards set forth by the North American Electrical Reliability Corporation (NERC), or the typical enterprise, separation of privileges and privileged account management can be a daunting task. The seemingly simple undertaking of inventorying privileged and shared accounts can be difficult in an environment with differing technologies. However, the need to identify those accounts and manage and audit them is a critical need for many companies--though not one that can be done quickly and without proper planning.

Compliance requirements for privilege separation and monitoring of sensitive activities performed by privileged accounts give the phrase, "Who watches the watchers?" new meaning. And with the general consensus by users that IT administrators have too much control, it is important to have checks and balances in place to prevent abuse.

When dealing with the issues surrounding privileged accounts, enterprises have to approach it slowly and methodically to be sure business and security needs are met, as well as compliance. Jumping in too quickly just to check off a box for the auditor will cause numerous headaches. Problems can range from locked-out accounts and the failure of scripts that rely on embedded passwords, to business processes being delayed, causing loss of revenue.

The first step is to inventory privileged accounts, passwords, and how they are used. The last part is extremely important as shared passwords, service accounts, embedded devices, legacy systems, and automated scripts need to be considered. Email surveys and interviews with IT and users can be used to identify privileged and shared accounts. In an ideal world, the account provisioning process included a specific naming convention to identify these types of accounts, but even with those guidelines in place, things slip through the cracks.

Log monitoring and searching files (e.g., automated scripts) can help identify the accounts that humans aren't typically involved with using and have likely been forgotten about. The logs can be used to identify accounts that are used at regular intervals to indicate an automated process. Similarly, logins occurring late at night could be the results of automated backup processes.

Read the rest of this article on Dark Reading.

Read more about:

2011
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Enterprises investing in new infrastructure to support AI will have to choose between InfiniBand and Ethernet
Enterprise Connectivity
The Impact of AI on The Ethernet Switch MarketThe Impact of AI on The Ethernet Switch Market
byPam Baker, Contributing Writer
Sep 16, 2024
5 Min Read
Blue and purple digital cloud connecting apps and services with campus NaaS.
NaaS
Campus NaaS: Remaking the Campus NetworkCampus NaaS: Remaking the Campus Network
bySalvatore Salamone, Managing Editor, Network Computing
Jul 31, 2024
4 Min Read
DPUs are extensively used to accelerate AI and ML workloads by offloading tasks such as neural network inference and training from CPUs and GPUs.
Network Infrastructure
Harnessing DPUs & How DPUs are Changing Data CentersHarnessing DPUs & How DPUs are Changing Data Centers
byBob Wallace, Featured Writer
Jul 30, 2024
10 Min Read
Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports
Live Events
More Live Events