BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

3 Ways to Remediate Misuse of Privilege

Posted January 20, 2011    Peter McCalister

In the event that someone in your organization does misuse privilege and causes harm (theft, damage or loss of data), you will have to immediately deal with the aftermath.  In today’s security conscious enterprise, there are three level of remediation to consider:

  1. Password Management:  In this situation you have eliminated users maintaining their own credentials and facilitate the access to information technology (IT) resources through a web-based Shared Account Password Management (SAPM) solution.  When the user desires access they go to a specific web screen which then logs the user into the requested resource based on some recognized stored policy.  The good news here is that in the event someone misuse that resource, you have a record of who was using it at the time of the breach.  This is the equivalent of know who did the damage but not what they did.
  2. Session Management:  In this situation, you are building on Password Management with the addition of automatic logging of every event (or keystroke) to another server of what was done once someone is granted access to the resource.  If harm does in occur in this situation then you not only know who did the harm but what they did, so you can “unwind” or fix what was done.
  3. Privilege Delegation:  In this situation, you are delegating privileges (system authorizations) to specific users based on defined, centralized corporate policy.  This builds on Session Logging and delivers all of the previous value but now limits the damage potentially done as it limits what authorizations are available based on policy.  In effect you have prevented harm from being done and have a record of who attempted to do harm and what they attempted to do.

Bottom line is that you need some form of solution to protect against the misuse of privilege and remediate any potential harm that does occur.

Leave a Reply

Additional articles

Sudo_logo

Don’t Create a Different sudoers File for Each System

Posted May 20, 2015    Randy Franklin Smith

What if you have multiple Linux and/or Unix systems? Sudo management can become onerous and unwieldy if you try to manage a different sudoers file on each system. The good news is that sudo supports multiple systems.

password-safety

What Does Microsoft Local Administrator Password Solution Really Do?

Posted May 19, 2015    Morey Haber

LAPS is a feature that allows the randomization of local administrator accounts across the domain. Although it would seem that this capability overlaps with features in BeyondTrust’s PowerBroker Password Safe (PBPS), the reality is it is more suited for simple use cases such as changing the local Windows admin account and not much more.

Tags:
, ,
webinar_ondemand

On Demand Webinar: Securing Windows Server with Security Compliance Manager

Posted May 14, 2015    BeyondTrust Software

On Demand Webinar: Security Expert Russell Smith, explains how to use Microsoft’s free Security Compliance Manager (SCM) tool to create and deploy your own security baselines, including user and computer authentication settings.

Tags:
, ,