Unix & Privileged Access Management (PIM or PAM)

As the number of cyber-attacks increases, the need for organizations to strengthen their security posture has become more evident. Securing and managing privileged accounts by implementing a robust Privileged Identity & Access Management (PIM or PAM) program must be a high priority.

Privileged Users

Privileged users are identities that can perform administrative functions, make configuration changes, and install and execute programs. Unmanaged privileged accounts often put an organization at risk through the following:

  • Lists of passwords circulating in an organization
  • Passwords that have never been changed
  • Employees that have left the organization and know the passwords
  • No entitlement process to verify that users should hold the privileges they have
  • Job or role changes in which additional privileges are granted
  • Employees copying and sharing SSH keys
  • Users inadvertently granting access to the wrong people
  • Difficulty identifying the number of privileged accounts currently within a network
  • Insider threats

At a minimum, to mitigate some of these risks, organizations should enforce:

  • Strong password policy (uppercase and lowercase letters, numbers and special characters, 16 characters or more, and random patterns)
  • Password rotation
  • Unique passwords

It is also vital for organizations to discover and manage the credentials of privileged accounts such as root and other superuser accounts.

Super Users

Root and other superuser accounts are the default administrative accounts that come pre-built with a Unix operating system. They have unlimited access to the system: full read, write, and execute permission to perform the following:

  • Installing
  • Modifying
  • Deleting
  • Running Programs

Sudo Users

(aka "superuser do")

  • Listed in the sudoers file
  • Can elevate their account privileges
  • Sudo users can be set up with a specific security policy

Controlling Privileged User Access

Access privileges for each of these users can be controlled using techniques such as:

  • Allowing commands only from an interactive terminal
  • Requiring a password
  • Permitting arguments to be passed
  • Allowing execution of multiple commands
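The following sudoers fragment is an added example, not configuration from the original page; it shows how each of the controls above is expressed in sudo's own policy file. The user names (webops, backup, monitor), host and command paths are assumptions chosen for illustration.

```sudoers
# Added example sudoers policy (edit with visudo). Users, host and command
# paths are assumptions, not values taken from the original page.

# Interactive terminal only: sudo refuses requests that have no tty, such as
# cron jobs and non-interactive SSH sessions. (sudo cannot pin a rule to one
# particular terminal; requiretty is the closest control it offers.)
Defaults requiretty

# Keep a full record of what privileged users ran and what they saw.
Defaults logfile="/var/log/sudo.log"
Defaults log_input, log_output

# Group related commands so a single rule grants several at once.
Cmnd_Alias WEB_SVC  = /usr/bin/systemctl restart nginx, \
                      /usr/bin/systemctl status nginx
Cmnd_Alias WEB_LOGS = /usr/bin/journalctl -u nginx, \
                      /usr/bin/tail -f /var/log/nginx/error.log

# Password required (sudo's default), multiple commands, arguments fixed by
# the alias: "systemctl restart nginx" is allowed, "systemctl restart sshd"
# is not, because the arguments are part of the matched command.
webops  ALL = (root) WEB_SVC, WEB_LOGS

# A command listed with no arguments permits ANY arguments; reserve this
# form for commands whose every option is acceptable to run as root.
backup  ALL = (root) /usr/local/sbin/nightly-backup.sh

# A trailing "" means the command may be run only with NO arguments.
# NOPASSWD waives the password prompt for this one read-only command.
monitor ALL = (root) NOPASSWD: /usr/bin/systemctl list-units ""

# Weak entry to avoid: any command as any user with no password prompt.
# auditor ALL = (ALL) NOPASSWD: ALL
```

Validate the file with `visudo -c` before deploying it, and use `sudo -l -U <user>` to confirm that a given account receives exactly the rules intended.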