Our blog

Why privileged accounts are catnip to hackers

k

15 February 2017

Bas de Graaf

Blogs by author: Bas de Graaf, Head of Product Management, Security Consulting, BT.

LinkedIn

Defending your privileged accounts should be high on your list of security priorities. Bas de Graaf explains why.

The keystone to your security stance.

If your network were an architectural arch, your privileged accounts would be the keystone. Once a hacker breaks them, the rest will come tumbling down. But, metaphors aside, what exactly are privileged accounts?

Privileged accounts come in many shapes and sizes. Here’s a few examples that you might recognise from your workplace:

  • Built-in administrative accounts — non-personal accounts that provide full access to things like workstations, servers, network devices, security devices, databases and mainframes. These are often used by the IT team to perform maintenance.
  • Emergency accounts — these provide unprivileged users with admin access to secure systems in the case of an emergency.
  • Privileged user accounts — these are the most common form of privileged account, and give users administrative access to one or more systems, devices or applications.

This list isn’t exhaustive, but it gives you an idea of what privileged accounts do and what they’re for. If there’s one thing that holds them all together, it’s that they all offer a single point of access that gives powerful access and rights over large parts of the network. Look at it that way, and you can see why hackers are always looking for privilege escalation, with the ultimate goal of taking control of the complete ICT environment.

In fact, that’s the reason that we always try to escalate privileges and own an admin account when we perform ethical hacks for our customers. We need to know if it’s possible, because if it is, then hackers are almost certain to take advantage.

The trouble with managing privileged accounts.

So that’s the situation, but what’s the solution? What can you do to keep your privileged accounts, and your network, secure? The answer, I think, is stronger management of your privileged accounts. But this also comes with a set of challenges.

Firstly, many organisations struggle to know exactly how many privileged accounts they have. And you can’t defend what you can’t see.

Then there’s the password problem. You get people sharing passwords they shouldn’t, people never changing their passwords, and passwords insecurely stored in emails or files. Sometimes you even get the same password used for multiple privileged accounts — the jackpot for hackers.

And that really just scrapes the surface of the challenges. There’s also a point to be made about temporary accounts not being deactivated, security policies not being systematically applied, account holders with too much sensitive information — and the list goes on.

What you need to do next.

So we return to the earlier question: what can you do to keep on top of this management and stay secure?

A good place to start is to ask yourself these questions, in order to understand exactly what your situation is:

  • Where are your privileged accounts?
  • Who owns these privileged accounts?
  • Who uses these accounts, when, and to do what?
  • What is the justification for these accounts?
  • Is there a defined security policy for these specific accounts?
  • Is this security policy applied?

When you’ve answered these, or at least discovered that you don’t know the answers, then it’s time to develop a Privileged Account Management (PAM) strategy, and possibly bring on-board a  partner that can help you get control of your accounts and stay secure.

This diagram gives you an idea of how PAM works:

Model of privileged account management (PAM)

Find out more.

Hopefully I’ve given you enough information to get across how important it is to secure and manage your privileged accounts.

If you want to delve deeper into the topic, take a look at our webpage, which is packed with information.