Which Privileged Accounts You Should Manage and Keep Safe

In many industries that follow digital transformation’s footsteps, privileged accounts stand out as one of the most critical topics for institutions and organizations to focus on in cyber security. It’s crucial to keep the accounts in question safe, as they’re the main target of various cyberattacks that hackers favor, especially in recent years.

See Also: How to Identify and Verify Access to System Components for PCI DSS

It is quite likely that data breach issues may arise if privileged accounts within the business are not discovered and maintained within a defined framework. You may confront various situations, ranging from a ransom demand to the sale of sensitive information belonging to the institution or its workers due to data leakage from the institution.

To ensure data security and obtain effective outcomes against cyber threats, you must successfully manage and govern privileged accounts.

How Are Privileged Accounts Defined?

In today’s business environment, privileged accounts are crucial for allocating access security and generating remedies against a cyber attacker and for IT teams managing the corporate system, infrastructure, network, and software.

Privileged accounts, which provide access to data that enable employees to make critical decisions regarding the workflow, also allow them to perform administrative tasks.

See Also: What Does the Separation of Duties and Needs-to-Know Principles Stand for the PCI Requirement 7

The appropriate accounts, which allow hackers to travel freely throughout the business network if they are detected, are ideal for stealing sensitive data and allowing infiltrators to hide their tracks within the system swiftly.

Privilege accounts can exist practically anyplace in a company’s system. Related accounts can be found in cloud and SaaS services and databases, operating systems, and software, regardless of physical location.

Privilege account access may be granted to IT administrators, database administrators, application owners, third-party contractors, security teams, help desk workers, and sales teams, for example. To put it another way, an approved account can be used by all company divisions, from software to marketing, sales, and security.

Which Privileged Accounts Play a Critical Role?

The second stage of the privileged account identification procedure is to identify the accounts crucial to the organization’s business model’s long-term viability. Consider going over the seven categories of authorized accounts that a company should protect first.

  • Domain Administrator Accounts: This type, described as the king of accounts in the IT literature, has full authority and control over the domain. As a result, the relevant accounts should be kept as small as feasible, and their oversight should be maintained at a high level.
  • Domain Service Accounts: This type is required for password changes that disrupt program operations. It is used for database access, altering and replicating reports, and using APIs. It’s simple to track software changes directly related to password operations when domain service accounts are protected.
  • Local Administrator Accounts: One of the main reasons for leaks to the corporate network is that many employees are given local administrator account access. Local administrator accounts are generally impersonal and provide administrative access to the local host. These accounts are often used by IT personnel to perform maintenance or set up new workstations. Often, local administrator accounts will have the same password across platforms or organizations. These shared passwords are used by thousands of hosts, making them a soft target for hackers.
  • Administrator Account for Operating Systems: Capturing the access information of persons with this account may result in the operating system directories being modified across the business, causing the system to cease working for a while.
  • Default Administrator Account: The system administrator’s account is the key to logging in to the system, and it cannot be removed, modified, or locked after that. The name is the only item that can be changed.
  • Emergency Accounts: The type of account comes into play when a critical situation occurs on the network. Emergency accounts provide unprivileged users with administrative access to secure systems in an emergency. They are activated as a “break the window in an emergency” measure when regular services fail. While these accounts must require management approval, the process is often manual and lacks the records as are necessary for compliance audits.
  • Service Accounts: An application or service uses privileged local or domain accounts to interact with the operating system. Typically, they will only have domain access if necessary for the application being used. Local service accounts are often more complex as they interact with multiple Windows components. This means that changing passwords for these accounts must be done simultaneously to avoid interfering with dependent systems. Therefore, these passwords are rarely changed and are often an easy target for attackers.
  • Application Accounts: Application Accounts are accounts used by applications to access databases, run batch jobs or scripts, or access other applications. These privileged accounts often have extensive access to essential company information found in applications and databases. The passwords for these accounts are usually embedded and stored in unencrypted text files. This vulnerability poses a significant risk to many organizations.

Root accounts, Wi-Fi accounts, firewall accounts, and hardware accounts such as BIOS all play a part in access security, in addition to the accounts stated above.

What is Privileged Account Management (PAM)?

Privileged account management (PAM) is a solution that helps you control, manage and monitor access to critical assets.

Data integrity is vital to organizations. Privileges such as operating on or seeing data should not be defined for every user. PAM is one of the hottest topics in cybersecurity, and this is because cybercriminals’ first goal is to discover and exploit privileged accounts to gain unrestricted access to critical assets.

See Also: What is the Separation of Duties Principle and How Is It Implemented?

PAM creates an isolated, highly secure, and tightly controlled environment to store privileged credentials and control access to them. In addition, PAM solutions often provide granular monitoring of the use of privileged accounts, such as shared administrator accounts.

A privileged account has additional privileges than regular users. Privileged accounts can perform a wide range of system activities. They have access to files that ordinary users do not have and can conduct activities that normal users cannot.

It is easy to conclude that designating privileged accounts is insufficient to safeguard your organization for all of these reasons. You may protect your privileged accounts by implementing Privileged Access Management systems.

How Should Privileged Account Management Be?

Privileged account credentials are valuable targets for attackers. Therefore, it is essential to follow practices and protocols that help secure, control, manage and monitor these accounts.

See Also: Privileged Access Management Considerations

Because of the high risks to systems, applications, and services from misuse, creating or revealing vulnerabilities, or facilitating illegal access, special attention must be taken to protect the security of privileged accounts.

Privileged or administrator accounts have extensive access to systems and data, and they are authorized to execute system and security functions that are not available to regular user accounts. They can provide elevated or elevated access to systems, data, or one’s workstation.

Typically, individuals granted privileged access categories include system and database administrators and network infrastructure personnel responsible for performing system repairs or making changes to the software or operating systems.

By the principle of least privilege, privileged accounts should only be provided when one’s job responsibilities require, and individuals should be given sufficient minimum access to fulfill those responsibilities.

What are the Account Holder’s Responsibilities?

Privileged accounts, unlike account users, should have an authority responsible for mitigating the risk of threats from misuse of corporate data, including theft of credentials, deliberate or accidental improper disclosure of sensitive data.

Grant administrator or other privileged access only to authorized users with a business need. The privileged account holder is expected to:

  • Identify a specific business need before creating a premium account.
  • Configure systems with data classified as Restricted, High, or Medium to require two-factor authentication of privileged account users.
  • Configure systems with data classified as Restricted or High to control the actions of privileged account users.
  • Disable, suspend, or terminate privileged account access or administrative privileges after notification that authorized users have left the workplace or no longer have a business need for access.
  • Check permissions regularly to prevent privilege slippage so users don’t get new permissions when moving from one location to another.
  • On different systems handled by the same staff, use a different password for each privileged account.
  • Use corporate password management software to store privileged credentials securely.
  • Follow naming standards for privileged accounts in your environment.

What Are the Responsibilities of Account Users?

Users with elevated privileges, including account holders, are expected to:

  • Initially log in as an individual to the system, then switch to an administrator account if necessary.
  • Never use an unencrypted plaintext protocol like HTTP or telnet to connect to a privileged account.
  • Authenticate only through encrypted protocols such as HTTPS or SSH.
  • Only use a privately-owned device that has been configured to secure sensitive data when entering privileged account credentials.
  • Never log into a privileged account using a public computer or public Wi-Fi.
  • Instead of signing in as a superuser, utilize operating system tools like sudo (Unix/OSX) or “run as” to elevate access (Windows) temporarily.
  • Perform daily work as a non-privileged user and use privileged accounts only for tasks that require additional capabilities and administrative privileges.
  • Prohibit access to information unless specific tasks are required to support critical system needs.
Surkay Baykarahttp://www.pcidssguide.com
A passionate Senior Information Security Consultant working at Biznet. Over the past 15+ years my professional career has included several positions beginning as a developer and IT administrator, working my way up to a senior Technical Performance Consultant before joining Biznet back in 2015. I had several different roles at Biznet, including Penetration Tester and PCI DSS QSA. In my job as a QSA, I found my passion and worked closely with the Audit and Compliance team. I've been working inside InfoSec for over 15 years, coming from a highly technical background. I have earned several certifications during my professional career including; CEH, CISA, CISSP, and PCI QSA.

More from author

What Are the Ways to Reduce PCI Scope

If you can limit the amount of cardholder data you have, you'll have fewer data to audit.

How to Define PCI DSS Scope

The PCI DSS scope of a business or organization includes all people, processes, and technologies that can affect and interact with cardholder data security.

Why DNS Security Matters

DNS security best practices are similar to those for most other systems. Restrict access, utilize multi-factor authentication (MFA), activate security settings, and maintain everything up to date.

Related posts

Latest posts

What Are the Ways to Reduce PCI Scope

If you can limit the amount of cardholder data you have, you'll have fewer data to audit.

How to Define PCI DSS Scope

The PCI DSS scope of a business or organization includes all people, processes, and technologies that can affect and interact with cardholder data security.

Why DNS Security Matters

DNS security best practices are similar to those for most other systems. Restrict access, utilize multi-factor authentication (MFA), activate security settings, and maintain everything up to date.

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!