BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Do You Know Where Your Linux/UNIX Users Are?

Posted March 13, 2012    Peter McCalister

Or even who they are?

Sure you do, you say. You have someone responsible for managing Linux and UNIX user accounts. She manages the user store, grants user access to specific Linux/UNIX servers, and assigns specific privileges to users on those servers. When someone leaves the company, she makes sure the specific user accounts are removed. When someone assumes a new role within the company, she modifies the privileges accordingly.

Really, though – do you actually know that your Linux and UNIX users are being managed with the same rigor as your Windows users? Do you know what IT assets they have access to? Do you know for sure that there aren’t orphaned UNIX and Linux user accounts for employees that have long since moved on, that are still active? Your lead administrator for UNIX and Linux systems may be as competent as they come, but managing separate user accounts is a manual, labor-intensive process – which means it’s a process highly subject to human error.

If you deploy Active Directory in your IT infrastructure, you likely have a firm grasp of who your Windows users are and what privileges they have. You define access policies and push them out to your Windows users. You manage the users through a centralized repository. You wipe out user accounts the day its owners leave the company. Point and click; done.

So, don’t you find it interesting that 97% of companies use Active Directory in some capacity but the vast majority don’t join their Linux and UNIX users to it, even though the technology to do so has been around for years? It’s even more surprising given the fact that the most privileged users in your organization probably have Linux and UNIX user accounts, and thus present the highest insider threat risk, through either intentional or accidental means. Your most critical assets are likely Linux and UNIX servers. These are the devices that house your most sensitive data, the servers upon which your most business-critical applications run. So why are your Linux/UNIX user accounts managed in silos, separate from the secure infrastructure of Active Directory?

You don’t have to look far to find a best-of-breed solution that combines the ease and flexibility of enabling AD as an infrastructure-wide repository for all of your users – Linux/UNIX as well as Windows – with the robustness of enterprise-class privileged user management tools for your Linux and UNIX environments. Simplified, secure, heterogeneous user management combined with powerful oversight and control over your most critical assets is a combination that brings the best gift of all to an IT professional – peace of mind.

Leave a Reply

Additional articles

powerbroker-for-mac-diagram-small

PowerBroker for Mac: A Least-Privileged Apple a Day…

Posted July 27, 2015    Jason Silva

BeyondTrust PowerBroker for Mac reduces the risk of privilege misuse by enabling standard users on Mac OS X to perform administrative tasks successfully without entering elevated credentials.

Tags:
, ,
PrivilegedAccountManagement

On Demand Webinar – Now is the time for Privileged Account Management

Posted July 24, 2015    BeyondTrust Software

In this webinar, SANS Instructor and Founder of Voodoo Security, Dave Shackleford, will revisit several hacking and breach scenarios that involved privileged accounts, and use these as examples while discussing tools and tactics to get this problem under control once and for all.

Tags:
, ,
dave-shackleford-headshot

Privileged Account Management: The Time is Now

Posted July 22, 2015    Dave Shackleford

There’s plenty of problems we don’t have great options for in InfoSec today. Malware is a pain point that keeps evolving rapidly. 0-day exploits are tough to prepare for. Privileged account management? We got this. We know the root causes, we know how it manifests, we know how to get it under control effectively, and there are great technology solutions that are enterprise-class.

Tags:
, ,