By now you would think that every organization, whether governmental or private sector, would have
realized that protecting passwords and keys is absolutely essential. Additionally, technology that
monitors the activity of systems administrators has been around for years.
The problem frequently starts with the failure of organizations to know where the accounts are
throughout the infrastructure. For example, all your Windows systems have Service Accounts, Scheduler
Task Accounts, COM+ Accounts, IIS6 Metabase Accounts, IIS7 Accounts, etc. It’s not simply the
Administrator accounts. A typical example of how easy it can be to circumvent policies is what happens
when IT Support departments are pressed to solve a problem. Take, for example, a situation where a user
is unable to gain administrative access to their system. The workaround is to call the IT Support
department, who will have a solution. Very often IT will have set up an account that allows admin access
to every machine, and once this is given to the user, unless it is immediately changed, the user has
unlimited access. More disturbing still is the question: who is the IT Admin? Yet the same
organization will most likely have spent a fortune on perimeter security, block loads of malicious
websites, and constantly remind its staff of the dangers of malware!
What this shows is the massive risk that organizations are faced with if they do not control access to
privileged accounts. In the case in point, not only should the IT support department have required an
audited approval process to gain access to the “backdoor” password, but once accessed it should have
immediately been changed.
Regardless of who you are, any security credential needs to be managed. It starts with Privileged
Identity, which provides access to a plethora of the “keys of the kingdom”. Without properly managed
and secure control of the credential that gives privileged access, everything underneath becomes
vulnerable. As in the example of the NSA, it would appear that badly managed passwords and keys gave
Snowden the access he needed to discover SSL keys, SSH keys, symmetric keys, and other passwords.
Having good processes for your SSL, SSH and symmetric keys is all well and good, but ultimately flawed if you
don’t control your privileged accounts. As in my own case, one privileged LDAP account opened up my
whole world, and it may very well have been that Snowden simply asked the NSA IT Support department
to enable him to install or uninstall something on his laptop!
So what are some simple and practical steps you should be considering?
• Ensure all privileged accounts are locked down, and remember that we’re not simply talking
about Admin or Root!
• Always rotate passwords immediately after use for any shared accounts, especially if the same
password is used on multiple systems.
• Control access to privileged passwords, including service accounts, and enforce an audited
check-in/check-out policy.
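The three steps above describe one workflow: a privileged password is released only through an approved check-out, the release is recorded, and the password is rotated the moment it is checked back in, so the copy the user saw is dead. The following Python is an added example written for this article, not code from the magazine or from any vendor's product, and the account name, user names and ticket reference in it are constructed samples.

```python
import secrets
import string
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Character set for generated passwords (a constructed choice; align with local policy).
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_="


def generate_password(length: int = 24) -> str:
    """Draw a fresh password from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


@dataclass
class PrivilegedAccount:
    name: str                          # e.g. "svc-backup" (constructed sample name)
    password: str
    checked_out_by: Optional[str] = None


@dataclass
class Vault:
    """Toy check-out/check-in vault: one holder at a time, rotation on every return."""
    accounts: Dict[str, PrivilegedAccount] = field(default_factory=dict)
    audit_log: List[dict] = field(default_factory=list)

    def _audit(self, event: str, account: str, user: str, **extra) -> None:
        # Every release and return is written to an append-only log with a UTC timestamp.
        entry = {"ts": datetime.now(timezone.utc).isoformat(),
                 "event": event, "account": account, "user": user}
        entry.update(extra)
        self.audit_log.append(entry)

    def add_account(self, name: str) -> None:
        # The vault sets the initial secret itself; nobody learns it until a check-out.
        self.accounts[name] = PrivilegedAccount(name, generate_password())
        self._audit("add", name, "vault")

    def check_out(self, name: str, user: str, approved_by: str, reason: str) -> str:
        """Release the password to one user, after approval by a second person."""
        acct = self.accounts[name]
        if approved_by == user:
            raise PermissionError("check-out must be approved by someone other than the requester")
        if acct.checked_out_by is not None:
            raise RuntimeError(f"{name} is already checked out by {acct.checked_out_by}")
        acct.checked_out_by = user
        self._audit("check_out", name, user, approved_by=approved_by, reason=reason)
        return acct.password

    def check_in(self, name: str, user: str) -> None:
        """Return the account and rotate it immediately, invalidating what the user saw."""
        acct = self.accounts[name]
        if acct.checked_out_by != user:
            raise PermissionError(f"{name} is not checked out by {user}")
        acct.password = generate_password()
        acct.checked_out_by = None
        self._audit("check_in", name, user, rotated=True)


if __name__ == "__main__":
    vault = Vault()
    vault.add_account("svc-backup")
    pw = vault.check_out("svc-backup", "alice", approved_by="bob",
                         reason="ticket INC-0001 (constructed)")
    # ... alice uses the password, then returns the account ...
    vault.check_in("svc-backup", "alice")
    assert vault.accounts["svc-backup"].password != pw
    for entry in vault.audit_log:
        print(entry)
```

The rotation here only replaces the copy held in the vault. In a real deployment the new password must also be pushed to every place the account is configured (the service control manager, scheduled tasks, COM+ and IIS application pools mentioned above), which is exactly why knowing where every account lives is the first step; an account the vault does not know about keeps the old password after the "rotation" and the user who checked it out still has it.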
112 Cyber Warnings E-Magazine – August 2013 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide