How To Manage Privileged Accounts: Security Tips

Strategies to identify, separate, and audit IT administrator accounts can stop insider abuse.

November 7, 2011


Whether you're a company trying to comply with Payment Card Industry (PCI) requirements, an energy utility looking to get a handle on standards set forth by the North American Electric Reliability Corporation (NERC), or the typical enterprise, separation of privileges and privileged account management can be a daunting task. The seemingly simple undertaking of inventorying privileged and shared accounts can be difficult in an environment with differing technologies. However, identifying, managing, and auditing those accounts is a critical need for many companies, though not one that can be met quickly or without proper planning.

Compliance requirements for privilege separation and monitoring of sensitive activities performed by privileged accounts give the phrase "Who watches the watchers?" new meaning. And with the general consensus among users that IT administrators have too much control, it is important to have checks and balances in place to prevent abuse.

When dealing with the issues surrounding privileged accounts, enterprises have to approach them slowly and methodically to be sure business and security needs, as well as compliance requirements, are met. Jumping in too quickly just to check off a box for the auditor will cause numerous headaches. Problems can range from locked-out accounts and the failure of scripts that rely on embedded passwords, to business processes being delayed, causing loss of revenue.

The first step is to inventory privileged accounts, passwords, and how they are used. The last part is extremely important, as shared passwords, service accounts, embedded devices, legacy systems, and automated scripts need to be considered. Email surveys and interviews with IT and users can be used to identify privileged and shared accounts. In an ideal world, the account provisioning process would include a specific naming convention to identify these types of accounts, but even with those guidelines in place, things slip through the cracks.

Log monitoring and searching files (e.g., automated scripts) can help identify accounts that humans don't typically use and that have likely been forgotten. Logs can reveal accounts that are used at regular intervals, which indicates an automated process. Similarly, logins occurring late at night could be the result of automated backup processes.
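The log review described above can be scripted. The following is an added example, not code from the article: it flags accounts whose logins are evenly spaced or occur only at night. The log format, account names, and thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: "ISO-timestamp account source-host", one successful login per line.
SAMPLE_LOG = """\
2011-11-01T02:00:03 svc_backup db01
2011-11-01T09:14:51 jsmith ws17
2011-11-01T13:40:22 jsmith ws17
2011-11-02T02:00:05 svc_backup db01
2011-11-02T08:02:10 jsmith ws17
2011-11-02T16:55:37 root db01
2011-11-03T02:00:02 svc_backup db01
2011-11-03T10:31:09 jsmith ws17
2011-11-04T02:00:04 svc_backup db01
2011-11-04T09:47:30 jsmith ws17
"""

def parse(log_text):
    """Group login timestamps by account name."""
    logins = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts, account = datetime.fromisoformat(parts[0]), parts[1]
        except (IndexError, ValueError):
            continue  # skip blank or malformed lines
        logins[account].append(ts)
    return logins

def likely_automated(log_text, min_logins=4, max_jitter=0.05, night=(0, 5)):
    """Return {account: reasons} for accounts whose logins look scheduled."""
    findings = {}
    for account, times in parse(log_text).items():
        if len(times) < max(min_logins, 2):
            continue  # too few events to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        reasons = []
        # A coefficient of variation near zero means near-constant spacing.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            reasons.append(f"regular interval ~{round(avg / 3600)}h")
        if all(night[0] <= t.hour < night[1] for t in times):
            reasons.append("all logins at night")
        if reasons:
            findings[account] = reasons
    return findings
```

Accounts with too few logins to judge, such as `root` in the sample, are not flagged and still need to be covered by the interview and file-search steps of the inventory.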

Read the rest of this article on Dark Reading.
