Privileged Account Management 101: How Can Privileged Accounts Compromise Your Securi
26 August 20, 07:04
Quote:
Learn Everything you Need to Know about Privileged Account Management… and How you Can Protect your Business!
When it comes to privileged account management (PAM), you might want to know:
– what is a privileged account?
– does it have any connection to “privileged access management” (also PAM)?
– how do privileged accounts benefit your company?
– how many / what types of privileged accounts are there?
– how can privileged accounts compromise your security?
– what can you do to ensure the cybersecurity of your company?
If so, you have come to the right place – we will answer all this and more in the following lines.
First, let us clarify that we call privileged accounts those accounts that have the most power inside an IT department and are used by the team to set up the IT infrastructure, to install new software or hardware, to run critical services or to conduct maintenance operations. To put it simply, privileged accounts can access an organization’s highly classified IT assets and the sensitive information stored within them.
Source: Teiss
As the acronym suggests, privileged account management is related to privileged access management: privileged access management tools monitor privileged accounts in order to ensure business safety. We wrote more about this here. You can also get into this further by learning more about the Zero Trust model, Insider Threats, why removing admin rights closes critical vulnerabilities in your organization, the Principle of Least Privilege (PoLP), and Identity and Access Governance.
How does privileged account management benefit your company?
In several ways:
– it helps you maintain a complete list of active privileged accounts in your network, updating it whenever new accounts are created.
– privileged identities (e.g. passwords) are stored in secure vaults.
– enforces strict IT policies regarding password complexity, frequency of password reset, automatic reset, etc.
– securely shares privileged accounts, granting every user the minimal permissions to fulfill their tasks.
– monitors and records all privileged users in real-time.
– audits all identity-related operations: user logins, password access attempts, reset actions, etc.
How many / what types of privileged accounts are there?
Well, overall, privileged accounts can install system hardware/software, make changes in IT infrastructure systems, log into all machines in an environment, access sensitive data, and reset passwords for others.
They can be:
1. LOCAL ADMINISTRATIVE ACCOUNTS
Non-personal accounts, which provide administrative access only to the localhost or instance. Local admin accounts are used for maintenance on servers, network devices, databases, etc. and usually have the same password across the entire organization. Local Administrative Accounts are the first accounts created during system installation and some companies give their credentials to every employee, which makes them easy targets. Default Administrative accounts cannot be deleted or locked out, only renamed or disabled.
2. PRIVILEGED USER ACCOUNTS
These are named credentials that have been granted administrative privileges on one or more systems. They have unique and complex passwords, yet they must be constantly monitored and secured since they have access to very sensitive privileged data.
3. DOMAIN ADMINISTRATIVE ACCOUNTS
They have access across all workstations and servers, offering complete control and the ability to modify every administrative account, which makes them the most sensitive target of a cyber attack in an organization. Access to and usage of domain administrative accounts should be granted only on-demand, with additional security controls, and their activity should be fully monitored and audited.
4. EMERGENCY ACCOUNTS
Also known as “fire calls” or “break-glass” accounts, they describe the situation in which an unprivileged user gets administrative access to secure systems, in case of emergency. For obvious security reasons, they require managerial approval. Emergency accounts are also helpful when it comes to restricting compromised accounts from being continuously abused.
5. SERVICE ACCOUNTS
Service accounts are privileged local or domain accounts used by applications or services to communicate with the operating system. Coordinating their password changes is difficult because they can interact with many Windows components – not to mention that changing their passwords hardly ever happens. Also, this kind of privileged account does not expire.
6. ACTIVE DIRECTORY OR DOMAIN SERVICE ACCOUNTS
Active Directory Domain Services represent the core functions that allow sysadmins to organize data into a logical hierarchy. Changing passwords here is a complicated job since they require coordination across multiple systems – this operation breaks the application(s) almost every time until the account is synced across the environment.
7. APPLICATION ACCOUNTS
These allow applications to access databases, run batch jobs or scripts, or to provide access to other applications. Usually, they have broad access, so the passwords for this type of account are embedded and stored in unencrypted text files, which poses a significant risk to any organization. By compromising Application accounts, hackers can gain remote access, modify system binaries, or even elevate standard accounts to privileged.
...
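As an added illustration of the account types quoted above (not part of the original article or this post), the sketch below audits a constructed account inventory for four risks the article names: local admin passwords shared across hosts, service account passwords that are never changed, application credentials in unencrypted files, and domain admin rights that are standing rather than on-demand. The field names, fingerprint values and the 90-day threshold are assumptions.

```python
from collections import defaultdict
from datetime import date

MAX_AGE_DAYS = 90  # assumed rotation policy, not a value from the article

def acct(name, kind, host, pw_fp, pw_set, standing=False, store="vault"):
    """One inventory row; field names are assumptions for this example."""
    return {"name": name, "kind": kind, "host": host, "pw_fp": pw_fp,
            "pw_set": pw_set, "standing": standing, "store": store}

# Constructed sample inventory. pw_fp stands for an opaque keyed fingerprint
# exported by a vault, so passwords themselves are never compared.
INVENTORY = [
    acct("Administrator", "local_admin", "srv01", "fp-a1", date(2019, 1, 10)),
    acct("Administrator", "local_admin", "srv02", "fp-a1", date(2019, 1, 10)),
    acct("Administrator", "local_admin", "srv03", "fp-b7", date(2020, 7, 2)),
    acct("svc_backup", "service", "srv01", "fp-c2", date(2018, 3, 1)),
    acct("svc_web", "service", "srv02", "fp-d9", date(2020, 8, 1)),
    acct("app_reports", "application", "srv03", "fp-e4", date(2020, 6, 15),
         store="plaintext_file"),
    acct("da_jsmith", "domain_admin", "domain", "fp-f5", date(2020, 8, 3),
         standing=True),
    acct("da_ops", "domain_admin", "domain", "fp-g6", date(2020, 8, 3)),
]

def audit(inventory, today):
    """Return (finding, subject) pairs for the risks the article describes."""
    findings = []
    # Local admin accounts sharing one password across several hosts.
    hosts_by_fp = defaultdict(set)
    for a in inventory:
        if a["kind"] == "local_admin":
            hosts_by_fp[a["pw_fp"]].add(a["host"])
    for hosts in hosts_by_fp.values():
        if len(hosts) > 1:
            findings.append(("shared_local_admin_password", ",".join(sorted(hosts))))
    for a in inventory:
        subject = f'{a["name"]}@{a["host"]}'
        # Service account passwords that are effectively never changed.
        if a["kind"] == "service" and (today - a["pw_set"]).days > MAX_AGE_DAYS:
            findings.append(("stale_service_password", subject))
        # Application credentials kept in unencrypted text files.
        if a["kind"] == "application" and a["store"] == "plaintext_file":
            findings.append(("plaintext_application_secret", subject))
        # Domain admin rights held permanently instead of granted on demand.
        if a["kind"] == "domain_admin" and a["standing"]:
            findings.append(("standing_domain_admin", subject))
    return findings

if __name__ == "__main__":
    for finding, subject in audit(INVENTORY, date(2020, 8, 26)):
        print(f"{finding}: {subject}")
```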