BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

The Key to Controlling Privileged User Activity? Centralize!

Posted April 18, 2012    Peter McCalister

Those of you who follow my blogs know that sudo – and the issues it presents IT organizations – is one of my favorite discussion topics. I suppose that’s because there is no shortage of stories that surface on a regular basis on the problems that can arise with sudo, and I feel compelled to remind our blog readers that the ease of deploying sudo coupled with the speed in which it can quickly spin out of control makes for a risky combination. Just last week I talked to yet another customer who lamented the security and compliance challenges of sudo: he had just discovered that IT admins were adding privileges for their friends to sudoer files across the organization. Not that hard to do when there is a sudoer file on every server, each managed locally, independently, often by multiple administrators.

Centralization truly is a cornerstone for control. Dorothy’s blog from April 2nd introduced BeyondTrust’s latest new product, PowerBroker Servers Enterprise 7.0, and captured how PowerBroker’s centralized approach and granular privileged access control protects against intentional or accidental misuse of privilege that would otherwise allow employees, or hackers through advanced persistent threat (APT) attacks, to execute privileged commands.

In the case of sudo, local sudoer files create a plethora of opportunities for misuse of privilege. Besides the common problem of ad hoc administration of the individual files documenting user privileges, there is also the issue of local, unencrypted logs. Such logs can easily be tampered with by the local user, eliminating any evidence of damage done through privileged access – intentional or not. As Dorothy pointed out, managing privileged access on all your Linux and UNIX systems, whether physical, virtual, or deployed in the cloud, is critical to ensuring only valid users run privileged commands on your servers.

PBSE provides the means for controlling privileged access on Linux and UNIX systems through:
Centralized policy files for managing user privileges, implemented through a simple-to-use graphical interface
Active Directory integration for centralized user management
Out-of-the-box reports on all privileged activity as well as regulation-specific compliance reports

There’s no doubt about it: a centralized approach to managing privileged access is proven to significantly reduce operational complexity and costs, protect critical assets from misuse of privileged access, and demonstrate compliance.

Leave a Reply

Additional articles

red-thumbprint

Why big data breaches won’t always be so easy

Posted September 19, 2014    Byron Acohido

This blog post is republished with the permission of ThirdCertainty. See the original post here. – By: Byron Acohido, Editor-In-Chief, ThirdCertainty Some day, perhaps fairly soon, it will be much more difficult for data thieves to pull off capers like the headline-grabbing hacks of Home Depot and Target. That’s not a pipe dream. It’s the projected outcome…

Tags:
, , , , ,
pbps-blog2

8 Reasons Your Privileged Password Management Solution Will Fail

Posted September 18, 2014    Chris Burd

Leveraging complex, frequently updated passwords is a basic security best practice for protecting privileged accounts in your organization. But if passwords are such a no-brainer, why do two out of three data breaches tie back to poor password management? The fact is that not all privileged password management strategies are created equal, so it’s critical…

Tags:
, , , , , ,
pbps-customer-campaign-image

You Change Your Oil Regularly; Why Not Your Passwords?

Posted September 11, 2014    Chris Burd

There are many things in life that get changed regularly:  your car oil, toothbrush and hopefully, your bed sheets.  It’s rare that you give these things much thought – even when you forget to change them. But what if you’re forgetting something that can cost you millions of dollars if left unchanged for long periods…

Tags:
, , ,