IT Security Jun 2, 2020

Privileged accounts and their influence on holistic information security.

A growing number of cyber-attacks involve attackers compromising privileged accounts, such as those of system administrators, which gives them access to particularly sensitive information. Effective defence comes in the form of Privileged Access Management (PAM).


André Popella
Team leader security

What are privileged user accounts and how can they be compromised?

The definition of a privileged user account is very simple. It refers to any account within a company that has permissions to change system settings or conduct business-critical processes. These accounts can be part of a cloud infrastructure or be hosted on-premises, and they include accounts for a company’s social media presence as well as other enterprise accounts (admin or service accounts). All of these accounts offer access to sensitive corporate data. If that data is deleted, falsified, or copied to a location outside of the company, work stops and production grinds to a halt. But that’s not the only problem that companies are confronted with when privileged accounts are compromised. Lateral movement, that is, searching for other targets within an infrastructure, is easy with this kind of account, as new ways to access assets can be established externally. This raises the question of how these personalised and shared user accounts can be effectively and centrally protected against unauthorised use.

How can Privileged Access Management (PAM) help you to protect your privileged user accounts?

Using a PAM system spares your admins from having to log in to each IT system separately with their various user accounts, allowing them to log in centrally via multi-factor authentication. If the login is made via SSH, RDP, or HTTPS, administrators can view all resources that they have access permissions to. Logging in to each resource can be controlled via an automated or interactive process. Automatic login offers the option of automatically changing the account’s password, so that the user never knows the password needed and therefore can’t pass it on.

This service can be provisioned for both local and internet logins. For example, service providers can access a portal in the DMZ and authenticate themselves there. Once they have logged in, they only get access to the IT systems that have been added to their profile. The advantage of this is quick onboarding of third parties, as no dedicated VPN service is needed for the firewall.

What purpose does a PAM system serve apart from managing privileged user accounts?

In addition to centralised management of user accounts, a PAM system offers the option to record all SSH and RDP connections to ensure traceability of all actions taken. These records ensure that your employees cannot manipulate or delete data without permission. In addition to hacker attacks, these insider threats pose a further problem that companies have to get to grips with.

If there are special requirements such as logging in to web portals or authentication between applications, privileged access management can help here, too. The requirements of ISO 27001 (information security management system) are the final crucial aspect. If you want to get your company’s IT ISO 27001 certified, you’ll find a section on managing privileged access permissions which includes a description of what a PAM system can do.

Interested?

Bechtle has several IT system houses offering protection for privileged user accounts. Your local IT system engineers and IT consultants set themselves apart with their vendor certifications and wide-ranging product experience.

For more information, please contact your sales contact: it-security@bechtle.com.