What are Privileged Accounts?
Privileged Accounts, as the name suggests, are reserved for privileged users, super-users and administrators who are entrusted with managing critical infrastructure or cloud systems. These super-users hold privileged access rights that ordinary end users do not.
Every system, whether an OS, database, network device or application, has privileged accounts assigned to it for performing critical activities. Naturally, this means those privileges can be abused, intentionally or accidentally, if they are not appropriately monitored and controlled. (Read how to plan against privilege abuse)
There are several types of privileged accounts that can exist on a system. The simplest, and the one most people know and can relate to, is the default ‘administrator’ account you have seen on your own system. This account has been granted complete control of the system and can do anything within the scope of the system’s operations.
Types of Privileged Accounts
Local Accounts
These accounts grant access to a single system, the one the user is working on, i.e. they are local to that machine. The user ID and password are stored locally on the hard drive of the system being used. Default administrator accounts are local accounts.
A local account determines what the user can do on that system: which programs can be installed or removed, which types of files can be accessed, which services can be run or blocked, and so on.
Domain Accounts
These accounts keep the user’s ID and password on the domain controller rather than on the system being logged into. When a domain user logs in, the system asks the domain controller for that user’s privileges and then grants access to that user accordingly.
These accounts are used where the workload is divided among many people, so the domain provides centralised access for them across a set of computers.
Service Accounts
These accounts provide security for the services running on users’ systems by letting a service run under its own identity. The services can be configured using Task Manager or Windows PowerShell.
There are basically three types of service accounts in an operating system:
a) Standalone Managed Service Accounts
b) Group Managed Service Accounts
c) Virtual Accounts
Application Accounts
These accounts range from business-related forms to database logins. They handle all kinds of critical roles across the network, depending on the peer-to-peer applications involved. They are designed to track an application’s activity by having that application log in with its own dedicated account.
Our focus, though, is the default administrator and built-in accounts. These accounts come into the picture when devices and services are installed: when a system is installed for the first time, the operating system, database or service is installed with default user accounts.
These accounts are known as default administrative accounts because their rights have been pre-defined by the software developers of the system. Various default accounts exist across operating systems and products, such as administrator for Windows, root for Linux, db2admin for IBM Db2, and administrator for Microsoft Server 2012.
The security risk comes into play when the access privileges granted to these accounts are misused. The administrator can also create other accounts with equal administrator rights, which sometimes leads to new privileged accounts that the security team may or may not know about. A security team unaware of them will do the necessary checks to ensure that the access and credentials of the known default administrator accounts are protected, while abuse of the newly created privileged accounts goes unnoticed and exposes a significant attack surface.
With the security risks around privileged account management taking the driver’s seat, the topic is now discussed even at Board of Directors level. Given the cyber-attacks of the recent past, in which privileged account misuse has been identified as the top attack vector, regulations have tightened their focus on privileged accounts. These regulatory frameworks are constantly evolving, which poses ‘challenges’ to CIOs and CISOs and makes it imperative for them to adhere to the regulations to avoid business and reputational losses. A quick recap of the relevant compliance requirements is given below.
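As an added example (not part of the original post or Sectona’s template), the following Python script shows the kind of check described above: it parses a constructed account inventory, flags the vendor-default administrative accounts named on this page, and lists privileged accounts that are not on the security team’s approved list. The host names, account names and the CSV format are assumptions.

```python
import csv
import io

# Default (built-in) administrative accounts named on this page, keyed by
# platform. Extend this baseline from your own vendor documentation.
DEFAULT_ACCOUNTS = {
    "windows": {"administrator"},
    "linux": {"root"},
    "db2": {"db2admin"},
}

# Constructed sample inventory (not real hosts): one row per account found
# on a system, with a flag for whether it holds administrative rights.
SAMPLE_INVENTORY = """host,platform,account,privileged
web01,windows,Administrator,yes
web01,windows,svc_backup,no
web01,windows,jsmith-adm,yes
db01,db2,db2admin,yes
db01,linux,root,yes
db01,linux,deploy,yes
"""

def audit_inventory(inventory_csv, approved_privileged):
    """Return (default_accounts, unknown_privileged) from a CSV inventory.

    default_accounts: (host, account) pairs whose name is a vendor default
    for that platform; these must be protected or disabled.
    unknown_privileged: privileged (host, account) pairs, other than vendor
    defaults, missing from the approved allow list, i.e. privileged
    accounts the security team does not know about.
    """
    approved = {(h.lower(), a.lower()) for h, a in approved_privileged}
    defaults, unknown = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        platform = row["platform"].strip().lower()
        account = row["account"].strip().lower()
        key = (row["host"].strip().lower(), account)
        if account in DEFAULT_ACCOUNTS.get(platform, set()):
            defaults.append(key)
        elif row["privileged"].strip().lower() == "yes" and key not in approved:
            unknown.append(key)
    return defaults, unknown

if __name__ == "__main__":
    # Constructed allow list: privileged accounts the team already tracks.
    found_defaults, unexpected = audit_inventory(SAMPLE_INVENTORY, [("web01", "jsmith-adm")])
    for host, account in found_defaults:
        print(f"default account present: {account} on {host}")
    for host, account in unexpected:
        print(f"unapproved privileged account: {account} on {host}")
```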
Regulatory Challenges for Privileged Accounts
| Regulation | Section | Requirement |
|---|---|---|
| Payment Card Industry Data Security Standard (PCI DSS v3) | Build and Maintain a Secure Network and Systems | 1. Install and maintain a firewall configuration to protect cardholder data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters. |
| Health Insurance Portability and Accountability Act (HIPAA, April 2014) | 164.308(a)(5) | Password Management |
| ISO/IEC 27001:2013 | A.9.2.2 | User Access Provisioning |
| ISO/IEC 27001:2013 | A.9.2.3 | Management of privileged access rights |
| ISO/IEC 27001:2013 | A.9.2.4 | Management of secret authentication information of users |
Notice that the regulatory frameworks consistently require protecting privileged user credentials and securing their access mechanisms. For this, you need a deeply integrated, cross-platform Privileged Access Management approach.
Where can Sectona help?
While everyone is aware of the above regulations, no one completely knows how to start a privileged security program. The first step is to identify all the default accounts present in the on-premise or cloud infrastructure stack. So, as security consultants, we have stepped in to ease your work and give you a starting point for your Privileged Security Program: a comprehensive list of default accounts that can be found across infrastructure assets. You may download the template below. We also provide Spectra, a collaborative, integrated and cross-platform Privileged Access Management solution.
Start now, exploit this knowledge, prioritise your privileged access security and stay compliant. Keep a lookout for additional resources covering network devices and SaaS applications in the coming weeks.