Written by Colin Bretagne, Senior Product Manager at BeyondTrust
In the hands of an external attacker or even an unscrupulous insider, privileged Unix and Linux accounts represent a serious cyber security threat to your organization. Through these privileged accounts, an attacker can move through your organization’s environment and expose sensitive data, conduct unauthorized transactions, plant malware, and destroy systems, erasing traces of their presence at each step of the way.
Today, it is essential to have a strategy in place to control and audit your Unix/Linux privileged access in order to manage this inherent security and compliance risk. The principle of least privilege, for example, limits the damage a compromised or misused account can do by restricting the access rights of users, accounts, and computing processes to only those resources absolutely required to perform routine, authorized activities, and for the least time necessary. In many cases, this equates to standard user access.
What are the challenges associated with managing privileges in Unix & Linux environments?
Many basic OS, management, application, and software functions (e.g. configuration utilities) for Unix and Linux platforms require more than standard user access. Traditionally, this meant end users had to possess elevated privileges in the form of root or administrative usernames and passwords. To overcome this inherent security and compliance risk, organizations must remove the need to distribute and maintain root and administrative credentials. For this, they need PAM.
The best practice for managing privileges in Unix/Linux environments starts with PAM
One of the best ways to enhance access control for your privileged accounts is to use a Privileged Access Management (PAM) solution to configure and manage your Unix/Linux systems. (PAM here means Privileged Access Management, not the Unix Pluggable Authentication Modules framework that shares the acronym.) PAM provides detailed, policy-based delegation of the privileges of the Unix/Linux root account. This enables you to deploy least-privilege access and enhance individual accountability for root-level activity. Its centralized management and reporting capabilities also help you meet even stringent compliance requirements.
Let’s look in greater detail at how PAM can address the security and compliance challenges that are common in Unix/Linux environments.
1) Prevents root escalation by removing the need to log in as root
Many system and application users of Unix and Linux use the phrase, “I need root,” declaring they can only perform their daily job functions if they can log on as “root”. Root is often referred to as the “God” user because, as the most powerful user on the system, there is little the root user cannot do.
Allowing direct use of the root account complicates the ability to audit an individual’s actions (it promotes account sharing) and inhibits the use of a strong, regularly changed password for the root account, because several people need to know that password at any given time. These characteristics dramatically increase risk. The organization faces a heightened danger from insider threats, both malicious and accidental, as well as additional exposure to external threats from weak, non-changing passwords. When administrative work is done as root, there is effectively no individual accountability.
Privileged Access Management solutions for Unix and Linux environments allow an administrator to elevate privileges following the principle of least privilege (PoLP). A user can run a command at a higher privilege level only when a policy defined on the centralized policy server allows it, which keeps the user accountable and limits what an attacker who compromises that user’s account can do. Removing the need for users to log on as root enables much tighter security controls around the root account itself.
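As an added illustration of the policy-based delegation described above (example code written for this article, not the policy language of any PAM product or of sudo), the following Python sketch evaluates a user’s request to run a privileged command against an allowlist of rules. The rule format, the user names, and the commands are hypothetical. It denies by default, requires the command to be named by absolute path, and normalizes path arguments so that a pattern such as /var/log/* cannot be satisfied with /var/log/../../etc/shadow.

```python
"""Policy-based delegation of privileged commands: deny by default, allow
only what a rule explicitly permits.

The rule format, users and commands are hypothetical and for illustration;
this is not the policy language of any PAM product or of sudo.
"""
import fnmatch
import os
import shlex
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    users: frozenset            # who may invoke the rule
    command: str                # absolute path of the permitted binary
    arg_patterns: tuple = ()    # one fnmatch pattern per positional argument
    run_as: str = "root"        # identity the command runs under
    allow_extra_args: bool = False


# Constructed sample policy: operators may restart one service; helpdesk may
# read files under /var/log. Nobody gets a shell or an unrestricted binary.
POLICY = (
    Rule(frozenset({"alice", "bob"}), "/bin/systemctl", ("restart", "httpd.service")),
    Rule(frozenset({"carol"}), "/bin/cat", ("/var/log/*",)),
)


def _normalize(args):
    # Collapse ".." in path arguments before matching; otherwise the pattern
    # /var/log/* is satisfied by /var/log/../../etc/shadow (fnmatch's * spans /).
    return [os.path.normpath(a) if a.startswith("/") else a for a in args]


def authorize(user, command_line, policy=POLICY):
    """Return (allowed, run_as, reason) for one elevation request."""
    try:
        argv = shlex.split(command_line)
    except ValueError as exc:
        return False, None, f"unparseable command line: {exc}"
    if not argv:
        return False, None, "empty command"
    command, args = argv[0], _normalize(argv[1:])
    if not os.path.isabs(command):
        # A relative name could resolve to an attacker-controlled binary via PATH.
        return False, None, "command must be given by absolute path"
    for rule in policy:
        if user not in rule.users or rule.command != command:
            continue
        if len(args) < len(rule.arg_patterns):
            continue
        if len(args) > len(rule.arg_patterns) and not rule.allow_extra_args:
            continue
        if all(fnmatch.fnmatchcase(a, p) for a, p in zip(args, rule.arg_patterns)):
            return True, rule.run_as, f"matched rule for {rule.command}"
    return False, None, "no matching rule"


if __name__ == "__main__":
    for user, cmd in [
        ("alice", "/bin/systemctl restart httpd.service"),
        ("alice", "/bin/systemctl stop httpd.service"),
        ("carol", "/bin/cat /var/log/secure"),
        ("carol", "/bin/cat /var/log/../../etc/shadow"),
        ("carol", "/bin/cat /var/log/secure /etc/shadow"),
    ]:
        print(user, cmd, "->", authorize(user, cmd))
```

A real deployment would execute the approved argv directly (never through a shell) as the run-as identity and write the decision to the audit trail. The point of the sketch is that elevation is granted per command and per argument, not per user, and that anything not explicitly permitted is refused.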
2) Safeguards Unix/Linux privileged passwords
It goes without saying that everything must be password protected, but managing privileged passwords is as important as the strength of the passwords themselves. One of the major problems with Unix/Linux root accounts is the tendency for users to share the account and its password. Even with delegation in place, direct root access is still required in some cases, such as certain configuration changes, so the root password continues to exist and must be strictly controlled. Only one individual should know it at any point in time, so that there is accountability for any actions taken using the account.
These accounts should also have their passwords rotated on a regular basis, ideally after each use, so that a password that has been shared, written down, or otherwise exposed has a short useful life. Rotation by itself does not stop a brute-force attempt; long, random passwords and lockout controls do that. Integrating a PAM privileged password management system layers on further security and productivity benefits by proactively vaulting and managing privileged credentials.
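As an added model of the exclusive check-out and rotation the passage calls for (illustrative Python written for this article, not the code of any vault product), the class below hands the root password to one holder at a time, rotates it when the holder returns it so the value they saw is no longer valid, rotates again when the password reaches a maximum age, and keeps a who/when audit trail. The account name, the time limits, the forced return of a stale check-out, and the rotate-on-return behavior are the example’s own assumptions.

```python
"""In-memory model of a vaulted shared credential with exclusive check-out.

Illustrative only: a real vault persists state, changes the password on the
target host, and authenticates callers. The rules below are assumptions.
"""
import secrets
import string
from datetime import datetime, timedelta, timezone

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 32) -> str:
    # secrets is a CSPRNG; 32 symbols from ~94 gives roughly 209 bits of entropy.
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class ManagedAccount:
    def __init__(self, name, now=None, max_age=timedelta(days=30),
                 max_checkout=timedelta(hours=4)):
        now = now or datetime.now(timezone.utc)
        self.name = name
        self.max_age = max_age            # rotate even if nobody used it
        self.max_checkout = max_checkout  # longest anyone may hold it
        self._password = generate_password()
        self.rotated_at = now
        self.holder = None                # the one person who knows it right now
        self.checked_out_at = None
        self.audit = []                   # (timestamp, user, event)

    def _log(self, user, event, now):
        self.audit.append((now, user, event))

    def _rotate(self, now):
        self._password = generate_password()
        self.rotated_at = now
        self._log("vault", "rotate", now)

    def checkout(self, user, now=None) -> str:
        """Give the password to `user`; refuse if someone else still holds it."""
        now = now or datetime.now(timezone.utc)
        if self.holder is not None:
            if now - self.checked_out_at < self.max_checkout:
                raise PermissionError(f"{self.name} is checked out by {self.holder}")
            # Stale check-out: force the return and rotate so the old copy is dead.
            self.checkin(self.holder, now)
        if now - self.rotated_at > self.max_age:
            self._rotate(now)
        self.holder, self.checked_out_at = user, now
        self._log(user, "checkout", now)
        return self._password

    def checkin(self, user, now=None):
        """Return the password; only the holder may do so, and it is rotated."""
        now = now or datetime.now(timezone.utc)
        if user != self.holder:
            raise PermissionError(f"{user} does not hold {self.name}")
        self._log(user, "checkin", now)
        self.holder, self.checked_out_at = None, None
        self._rotate(now)  # the value the holder saw is now useless


def simulate_stale_checkout():
    """Constructed scenario: alice checks out and never returns it; bob arrives 5h later."""
    t0 = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)
    acct = ManagedAccount("root@db01", now=t0)
    first = acct.checkout("alice", now=t0)
    second = acct.checkout("bob", now=t0 + timedelta(hours=5))
    return first != second, acct.holder, [e for _, _, e in acct.audit]


if __name__ == "__main__":
    print(simulate_stale_checkout())
```

Because the password changes on every return, knowing "who held it when" from the audit list is enough to attribute any use of the account to one person, which is the accountability the passage asks for.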
3) Centralizes Unix/Linux systems management, policy, and reporting
Unix and Linux systems write their logs to text files on each host, which does not lend itself to easy searching across an estate. This drawback becomes especially apparent in very large enterprise environments with multiple log servers running concurrently. Consolidating vast amounts of data, and finding what you are looking for within it, is key to identifying mistakes and mitigating risk. PAM solutions consolidate these logs centrally, making the data accessible quickly and efficiently, and give IT stakeholders real-time visibility into the state of privilege-related Unix and Linux risk.
4) Achieves compliance for the root account – indelible audit trail, unimpeachable logs
PAM solutions enable full session logging and session replay, providing a centralized, indelible audit trail and clear accountability for each individual system administrator. Logging all Unix/Linux user activity produces volumes of data that quickly become unmanageable without tooling. With PAM solutions, activity is recorded in a tamper-evident way to meet compliance needs, and event logs can be dynamically named, centrally located, and access controlled from the central management console. When an audit or forensic investigation is needed, organizations no longer waste time and manpower sifting through an overwhelming amount of data.
5) Analyzes behavior to detect suspicious user, account, and asset activity
From time to time, the most senior admins will have a legitimate need to use root capabilities directly. These sensitive use cases may include certain types of system-level changes, or simply reflect the ad-hoc nature of the commands the user needs to issue. The challenge is that compliance teams need to monitor all such activity and ensure accountability for the actions taken, especially given the privilege level in use during these sessions. Compliance teams need to cleanly identify:
- who was using the root account
- when they were using the root account
- what activities were performed/commands typed by the root account
It is also imperative to protect log files from any sort of tampering, which means shipping them off the audited host, since an attacker with root on that host can otherwise edit them at will. Searching the log files is critical for enabling the compliance team to find what they are looking for quickly and efficiently. PAM solutions enable monitoring and auditing of sessions for unauthorized access, changes to files and directories, and compliance.
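The tamper protection this passage asks for, and the indelible who/when/what audit trail of point 4 above, can be made concrete with a keyed hash chain. This added Python example is not taken from any product: each record is linked to the previous one with an HMAC, so modifying, deleting, or reordering a record breaks every later link. The key, the record fields, and the sample entries are constructed for illustration. The key must live on the central collector, not on the audited host, otherwise root on that host can simply recompute the chain; and truncating the newest records remains undetectable unless the collector also tracks the last link it received.

```python
"""Tamper-evident who/when/what audit trail as a keyed hash chain.

Illustrative example only; the record format is hypothetical and is not the
storage format of any PAM product.
"""
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # link value "before" the first record


class AuditChain:
    def __init__(self, key: bytes):
        # The key is held by the central collector, not by the audited host,
        # so an attacker who edits a record on the host cannot forge a valid link.
        self._key = key
        self.records = []      # list of {"payload": str, "link": hex str}
        self._prev = GENESIS

    def _link(self, payload: str, prev: bytes) -> bytes:
        # Each link covers the previous link and this record's content, so a
        # change to any record invalidates every link after it.
        return hmac.new(self._key, prev + payload.encode(), hashlib.sha256).digest()

    def append(self, who: str, when: str, run_as: str, command: str) -> int:
        """Record one privileged action; returns the record's index."""
        payload = json.dumps(
            {"who": who, "when": when, "run_as": run_as, "command": command},
            sort_keys=True,
        )
        link = self._link(payload, self._prev)
        self.records.append({"payload": payload, "link": link.hex()})
        self._prev = link
        return len(self.records) - 1

    def verify(self):
        """Recompute the chain. Returns (True, None) or (False, first_bad_index)."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            expected = self._link(rec["payload"], prev)
            if not hmac.compare_digest(expected.hex(), rec["link"]):
                return False, i
            prev = expected
        return True, None


def build_sample_chain(key: bytes = b"collector-secret") -> AuditChain:
    """Constructed sample session records (not real data)."""
    chain = AuditChain(key)
    chain.append("alice", "2024-05-01T09:12:03Z", "root", "/bin/systemctl restart httpd.service")
    chain.append("carol", "2024-05-01T09:15:47Z", "root", "/bin/cat /var/log/secure")
    chain.append("alice", "2024-05-01T09:20:10Z", "root", "/usr/sbin/useradd deploy")
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact:", chain.verify())
    chain.records[1]["payload"] = chain.records[1]["payload"].replace("carol", "mallory")
    print("after editing record 1:", chain.verify())
```

The verifier reports the index of the first record whose link no longer matches, which is exactly the "who, when, what" question an investigator needs answered: everything before that index is intact, everything from it onward is suspect.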
The bottom line is that your business depends on the accuracy and privacy of the information you are entrusted with. Therefore, the value of managing the “who, what, where, when, how, and why” of access to your information technology cannot be overstated. Privileged access management has numerous benefits that can strengthen your information security. You would be wise to take advantage of this indispensable tool.