BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

The Key to Controlling Privileged User Activity? Centralize!

Post by Peter McCalister April 18, 2012

Those of you who follow my blogs know that sudo – and the issues it presents IT organizations – is one of my favorite discussion topics. I suppose that’s because there is no shortage of stories that surface on a regular basis on the problems that can arise with sudo, and I feel compelled to remind our blog readers that the ease of deploying sudo coupled with the speed in which it can quickly spin out of control makes for a risky combination. Just last week I talked to yet another customer who lamented the security and compliance challenges of sudo: he had just discovered that IT admins were adding privileges for their friends to sudoer files across the organization. Not that hard to do when there is a sudoer file on every server, each managed locally, independently, often by multiple administrators.

Centralization truly is a cornerstone for control. Dorothy’s blog from April 2nd introduced BeyondTrust’s latest new product, PowerBroker Servers Enterprise 7.0, and captured how PowerBroker’s centralized approach and granular privileged access control protects against intentional or accidental misuse of privilege that would otherwise allow employees, or hackers through advanced persistent threat (APT) attacks, to execute privileged commands.

In the case of sudo, local sudoer files create a plethora of opportunities for misuse of privilege. Besides the common problem of ad hoc administration of the individual files documenting user privileges, there is also the issue of local, unencrypted logs. Such logs can easily be tampered with by the local user, eliminating any evidence of damage done through privileged access – intentional or not. As Dorothy pointed out, managing privileged access on all your Linux and UNIX systems, whether physical, virtual, or deployed in the cloud, is critical to ensuring only valid users run privileged commands on your servers.

PBSE provides the means for controlling privileged access on Linux and UNIX systems through:
Centralized policy files for managing user privileges, implemented through a simple-to-use graphical interface
Active Directory integration for centralized user management
Out-of-the-box reports on all privileged activity as well as regulation-specific compliance reports

There’s no doubt about it: a centralized approach to managing privileged access is proven to significantly reduce operational complexity and costs, protect critical assets from misuse of privileged access, and demonstrate compliance.

Leave a Reply

Additional articles

BI-Qualys-Connector-IMG1

Getting More Value from QualysGuard Vulnerability Data with BeyondInsight v5.1

If your vulnerability assessment scans can’t produce meaningful and actionable reports, performing a scan does no good for anyone. If you’ve read my other blog posts, you know I have no qualms about stating that BeyondTrust provides the best vulnerability reporting in the industry. Ask your favorite analyst and they’ll tend to agree. Of course,…

Post by Morey Haber April 18, 2014
Tags:
, , , , , , , ,
insider-threat-fed

Mitigating Inside Threats to U.S. Federal IT Environments

Recent high-profile cases have increased the perceived risks that go along with disclosure and usage of confidential information. One of the most difficult security threats to mitigate is an attack from the inside. When an over-privileged user, such as an unhappy current or former employee, contractor, or consultant, begins navigating your network, how will you…

Post by BeyondTrust Software April 17, 2014
Tags:
, , , , ,

Are you a Target? Investigating Security Breaches with Kevin Johnson

Last week, over 1,000 IT security professionals watched as Kevin Johnson, CEO of Secure Ideas, presented his expert opinion on lessons learned from recent, high-profile retail breaches. Here’s a summary of key takeaways from the webcast plus an on-demand recording of the full, 60-minute presentation. Understanding the “why” behind attacks According to Kevin, the primary…

Post by Chris Burd April 17, 2014
Tags:
, , , , ,