BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Use Me (Or My Password)

Posted February 25, 2011    Peter McCalister

Wednesday’s car ride prompts a Classic Rock play list on the iPod and what do you know… Bill Wither’s “Use Me” spawns yet another blog courtesy of the line “Cause I sure am using you to do the things you do.” Without privilege identity management, your users will be used to do the things you don’t want them (or anyone) to do.

Specifically there are two scenarios that come to mind:

  1. If your desktop users have admin rights then they are susceptible to be “used” by malware to wreak havoc.
  2. If you’ve granted root credentials to server, virtual or cloud admins then they can “loan” them out to be used by someone else not necessarily authorized to do so.

We’ve discussed previously how Indirect Misuse of Privilege is a Malware Imperative and even how Google learned this lesson the hard way.  I still think it bears repeating that if you eliminate the disease you don’t have to deal with the symptoms.  With less marketing speak that means if I don’t have admin rights on my desktop, then malware has nothing to hijack and “use” to infect my computer.

Sharing admin credentials is a bigger problem and far more difficult to track.  Ask any admin if they have ever had to share their root password and the answer in front of the boss is an unequivocal NEVER.  However, in the quiet of a sports bar later that night without the boss in earshot the answer is ALL THE TIME.  If you give out root credentials then by definition they can be shared.  We’ve all seen enough bad Hollywood movies where some poor admin is either duped into giving up his credentials or tortured into it.  Either way the keys to your IT infrastructure are up for grabs for anyone’s “use” if they have the proper sway with the current admin owner of said credentials.

Implementing a least privilege solution across your entire enterprise (desktops, servers, virtual and cloud environments) can eliminate the “misuse” of admin privileges and make your environment more complaint, secure as well as productive.

Leave a Reply

Additional articles

PowerBroker Password Safe Password Age Report

Reshaping Privileged Password Management with Password Safe 5.2

Posted July 21, 2014    Martin Cannard

Today, we’re pleased to unveil the latest edition of our privileged password management solution, PowerBroker Password Safe. I’ll start with a brief intro of what’s new and then tell you a little about the driving factors behind Password Safe development. New features for mitigating password risk and ensuring accountability enterprise-wide Here’s the 10,000-foot overview of…

Tags:
, , ,
PowerBroker for Windows tamper protection

PowerBroker for Windows 6.6 Tamper Protection

Posted July 18, 2014    Morey Haber

I have a bone to pick: Stopping an administrator from performing an action on a system is futile endeavor. As an administrator, there is always a way to circumvent a solution’s from tampered protection. Really! By default, Windows administrators have unrestricted access to the system – and even though an application, hardened configuration, or group policy…

Tags:
, ,
PowerBroker for Windows can be configured to automatically identify the end user’s language preference

Implementing Least Privilege Around the World with PowerBroker for Windows

Posted July 17, 2014    Morey Haber

BeyondTrust recognizes that international, multilingual businesses have unique operating challenges, especially when it comes to implementing enterprise software. PowerBroker for Windows is a least-privilege solution often deployed across thousands of systems spanning multiple geographies and protecting users of diverse backgrounds. Earlier this year, PowerBroker for Windows introduces new data privacy features for EMEA and APAC,…

Tags:
, ,