BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Use Me (Or My Password)

Post by Peter McCalister February 25, 2011

Wednesday’s car ride prompts a Classic Rock play list on the iPod and what do you know… Bill Wither’s “Use Me” spawns yet another blog courtesy of the line “Cause I sure am using you to do the things you do.” Without privilege identity management, your users will be used to do the things you don’t want them (or anyone) to do.

Specifically there are two scenarios that come to mind:

  1. If your desktop users have admin rights then they are susceptible to be “used” by malware to wreak havoc.
  2. If you’ve granted root credentials to server, virtual or cloud admins then they can “loan” them out to be used by someone else not necessarily authorized to do so.

We’ve discussed previously how Indirect Misuse of Privilege is a Malware Imperative and even how Google learned this lesson the hard way.  I still think it bears repeating that if you eliminate the disease you don’t have to deal with the symptoms.  With less marketing speak that means if I don’t have admin rights on my desktop, then malware has nothing to hijack and “use” to infect my computer.

Sharing admin credentials is a bigger problem and far more difficult to track.  Ask any admin if they have ever had to share their root password and the answer in front of the boss is an unequivocal NEVER.  However, in the quiet of a sports bar later that night without the boss in earshot the answer is ALL THE TIME.  If you give out root credentials then by definition they can be shared.  We’ve all seen enough bad Hollywood movies where some poor admin is either duped into giving up his credentials or tortured into it.  Either way the keys to your IT infrastructure are up for grabs for anyone’s “use” if they have the proper sway with the current admin owner of said credentials.

Implementing a least privilege solution across your entire enterprise (desktops, servers, virtual and cloud environments) can eliminate the “misuse” of admin privileges and make your environment more complaint, secure as well as productive.

Leave a Reply

Additional articles

April VEF Participant Wins a Apple iPad mini

Every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to your organization and a way to…

Post by Qui Cao April 24, 2014
smart rules manager for vulnerabilities - v2

A New Way of Looking at Vulnerabilities in Your Environment

Assets, users, vulnerabilities and exploits; all are common themes in my posts on BeyondInsight. With BeyondInsight v5.1, we unveiled a new way to view exploitable assets. Sure, most vulnerability management solutions link vulnerability data to exploit information, allowing tools like NeXpose and QualysGuard to list an asset, its vulnerabilities, and any related exploits. BeyondInsight does…

Post by Morey Haber April 23, 2014
Tags:
, , , , ,
smart rules manager for vulnerabilities

Staying on Top of the Latest Vulnerabilities with BeyondInsight v5.1

It’s no secret that dozens of new OS and application vulnerabilities are revealed every day. Staying on top of these new exposures normally requires paying for services or subscribing to multiple RSS feeds. BeyondInsight 5.1 provides customers with another option: a built-in, customizable vulnerability alerting system that delivers up-to-date information on the latest vulnerabilities in…

Post by Morey Haber April 21, 2014
Tags:
, , , , , ,