#PrivilegedAccessManagement #CyberSecurity #Cloud #ThreatProtection
What are privileged accounts?
In a least-privilege environment, most users operate with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA), generally consist of the following two types:
Standard user accounts have a limited set of privileges, such as for internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and accessing a limited array of resources, which is often defined by role-based access policies.
Guest user accounts possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and internet browsing.
A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts / non-privileged users.
Special types of privileged accounts, known as superuser accounts, are primarily used for administration by specialized IT employees and provide virtually unrestrained power to execute commands and make system changes. Superuser accounts are typically known as “Root” in Unix/Linux and “Administrator” in Windows systems.
Superuser account privileges can provide unrestricted access to files, directories, and resources with full read/write/execute privileges, and the power to make systemic changes across a network, such as creating or installing files or software, modifying files and settings, and deleting users and data. Superusers may even grant and revoke any permissions for other users. If misused, either in error (such as accidentally deleting an important file or mistyping a powerful command) or with malicious intent, these highly privileged accounts can easily wreak catastrophic damage across a system, or even the entire enterprise.
In Windows systems, each Windows computer has at least one administrator account. The Administrator account allows the user to perform such activities as installing software and changing local configurations and settings.
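To make the account classes above concrete on a Unix/Linux host, this added example (not part of the original page) sorts local accounts into superuser, privileged, service and standard from passwd and group data, and lists the ones worth reviewing first. The sample data, the `ADMIN_GROUPS` set, the `UID_MIN` cutoff and the function names are assumptions made for illustration.

```python
# Added example; the passwd/group content is constructed sample data (on a real host read /etc/passwd, /etc/group).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
postgres:x:113:120:PostgreSQL:/var/lib/postgresql:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
guest:x:1002:1002:Guest:/home/guest:/bin/rbash
"""
SAMPLE_GROUP = "sudo:x:27:alice\ndocker:x:998:bob\n"
# Assumption: membership in these groups is root-equivalent on this host.
ADMIN_GROUPS = {"sudo", "wheel", "admin", "docker"}
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
UID_MIN = 1000  # assumption: lowest UID given to human users

def classify_accounts(passwd_text, group_text):
    """Map each account to superuser / privileged / service / standard."""
    admin_members, admin_gids = {}, {}
    for line in filter(str.strip, group_text.splitlines()):
        name, _pw, gid, members = line.split(":", 3)
        if name in ADMIN_GROUPS:
            admin_gids[int(gid)] = name
            for member in filter(None, members.split(",")):
                admin_members.setdefault(member, set()).add(name)
    report = {}
    for line in filter(str.strip, passwd_text.splitlines()):
        user, _pw, uid, gid, _gecos, _home, shell = line.split(":", 6)
        uid, gid = int(uid), int(gid)
        groups = set(admin_members.get(user, ()))
        if gid in admin_gids:  # an admin group as primary group counts too
            groups.add(admin_gids[gid])
        kind = ("superuser" if uid == 0 else "privileged" if groups
                else "service" if uid < UID_MIN else "standard")
        report[user] = {"kind": kind, "admin_groups": sorted(groups),
                        "interactive": shell not in NOLOGIN_SHELLS}
    return report

def review_queue(report):
    out = []
    for user, info in report.items():
        if info["kind"] == "superuser" and user != "root":
            out.append(f"{user}: extra UID 0 account")
        elif info["kind"] == "privileged":
            out.append(f"{user}: root-equivalent via {','.join(info['admin_groups'])}")
        elif info["kind"] == "service" and info["interactive"]:
            out.append(f"{user}: service account with a login shell")
    return out
```

Group membership is only one route to elevated rights; sudoers rules and file capabilities are outside what this sketch inspects.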
Privileged Access Management accomplishes two goals:
Re-establish control over a compromised Active Directory environment by maintaining a separate bastion environment that is known to be unaffected by malicious attacks.
Isolate the use of privileged accounts to reduce the risk of those credentials being stolen.
Here are examples of privileged accounts commonly in use across an organization:
Local administrative accounts: Non-personal accounts providing administrative access to the local host or instance only.
Domain administrative accounts: Privileged administrative access across all workstations and servers within the domain.
Break glass (also called emergency or firecall) accounts: Unprivileged users with administrative access to secure systems in the case of an emergency.
Service accounts: Privileged local or domain accounts that are used by an application or service to interact with the operating system.
Active Directory or domain service accounts: Enable password changes to accounts, etc.
Application accounts: Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.
PAM confers several chief benefits, including:
A condensed attack surface that protects against both internal and external threats: Limiting privileges for people, processes, and applications means the pathways and entrances for exploitation are also diminished.
Reduced malware infection and propagation: Many varieties of malware (such as SQL injections, which rely on lack of least privilege) need elevated privileges to install or execute. Removing excessive privileges, such as through least privilege enforcement across the enterprise, can prevent malware from gaining a foothold, or reduce its spread if it does.
Enhanced operational performance: Restricting privileges to the minimal range of processes to perform an authorized activity reduces the chance of incompatibility issues between applications or systems, and helps reduce the risk of downtime.
Easier to achieve and prove compliance: By curbing the privileged activities that can possibly be performed, privileged access management helps create a less complex, and thus, a more audit-friendly, environment.