On Sharing Privileged Accounts

Administrator passwords tend to spread in IT circles. Often it is done the benefit the team and to get things done faster. In a year or so there won’t even be a need to ask what they are. Everybody will know all passwords and keep all certificates. Just in case. Because everybody knows anyway. Oh, these keys to the digital kingdom.

This “secret” knowledge doesn’t really bring a comfort though. When that table from the CRM system is suddenly gone,then everyone’s a suspect (“Gone” is actually not the worst thing that might happen to it. It could be exactly where it should be, but also be published somewhere outside of the organization).

It gets even worse when passwords are reused. While you never needed to access a database schema, but the password just happens to be the same as a root account on some computer you know. At times it would help to forget passwords.

Shared passwords are like water spilled out of the glass. You can’t collect the spill. It brings the idea that the only way to relieve IT staff from the burden of too much knowledge (as well as to protect that digital kingdom full of confidential assets) is to change administrator or root passwords and re-generate access keys every time the credentials go out in the wild.

Change Shared Password Often

How does it match then with the new NIST Digital Identity Guidelines for United States federal government advocating against the policy of rotating passwords too much? Well, these guidelines are about individual accounts that belong to a physical user (a natural person, like European GDPR calls them). A natural person needs to remember the password and never tell it to anybody. Changing them too often actually decreases security because people start to write passwords down.

Administrator, root or privileged accounts have a completely different use. These accounts do not belong to an individual user, rather they belong to a position or a job description such as an ERP system administrator, printer service provider or a database schema owner. In other words, they belong to whoever happens to perform this job at the time. There’s no difference between an individual and a privileged account from the perspective of a computer, a malicious insider or a hacker. And yet, privileged accounts hold much more power. Too often users neglect privileged accounts because of a sense of shared responsibility attached to them.

The rule of thumb is to change privileged account passwords often to limit the circle of people who know them. Ideally, change the password every time the password goes out. Yet, the same situation that causes frequent password rotation makes it much harder to change them. IT staff need these passwords for a reason. There are also machines (like scripts and applications) that access network resources and data using privileged accounts. Simply resetting the access would negatively impact the operations.

Consequence of Shared Password Reset

One of the solutions is to completely change the way how we look at managing the privileged access to begin with. The ideal situation will let admins access network resources without even the need to know the password or to have a key. This method started very early with the advancement of multi-user computing and also with connecting computers to networks. Unix sudo command allows a regular (natural) person account to elevate permissions,often without typing the root password (when configured). The technology around rhosts allows the copying of data and execution of commands on remote computers without logging in.

While rhosts in the past became one of the most abused early network holes it shows a general desire to let admins operate without typing or even knowing more than they need to. Developers might have introduced rhosts as a convenience that allows faster work. However, this way of thinking is a major draw to insider threats.

Modern privilege elevation software is much more sophisticated than early versions of sudo or rhosts technologies. First, it applies to different operating systems, not just to Unix or Windows. The software elevates privileges of an authorized natural person’s account by establishing sessions to network resources. The software can optionally record and monitor sessions as well as restrict operations that the account can perform on the remote device. In addition to providing access to network resources without asking for credentials, Privilege Account and Access Management System stores all privileged accounts in one easy to access place, usually called Identity Vault. Identity vault releases passwords by request to the qualified IT personnel and then comes back and resets this password. Since nobody needs to remember privileged passwords anymore the identity vault picks long hard to crack passwords.

Summary

Privilege Account and Access Management System helps administrators to forget privileged passwords by not learning them in the first place. Anyone who needs access to a privileged or shared account uses a natural domain account to connect to the central vault. Then the person uses it as a gateway to the remote destination.

About us

Xton Access Manager is an agentless, cross-platform privileged access management solution with unlimited licensing model built from the ground up with an enterprise feature set. Simple to implement, without your typical enterprise cost and effort.

Please fill out this form to receive a download link to get started today with free 60 days trial. Documentation is available to help. You can email or call us to request a trial extension, ask questions and share your feedback. We would love to talk to you.