EXPERT SPEAK
Best practices for Privileged Access Management

John Hathaway, Regional Sales Director, Middle East, BeyondTrust, shares insights on where to start and how to proceed in achieving holistic enterprise password management.

Privileged password management, sometimes called enterprise password management, refers to the practice and technique of securely controlling credentials for privileged accounts, services, systems, applications and more. But unfortunately, with so much power inherent in privileged credentials, they are ripe for abuse by insiders and are highly coveted by hackers. Password attacks come from all angles. Some programs, such as John the Ripper and L0phtCrack, can even crack complex passwords, while Pass-the-Hash toolkits can be lethal without even cracking the password. In fact, according to the 2017 Verizon Data Breach Investigation Report (DBIR), a whopping 81 per cent of hacking-related breaches leveraged either stolen and/or weak passwords.
For holistic management of privileged accounts and credentials, there are eight core areas you should focus on. Most likely, achieving holistic enterprise password management will follow the course of a graduated approach, but let me share some insights on where to start and how to proceed.
Discover all shared admin, user, application and service accounts, SSH keys, database accounts, cloud and social media accounts, and other privileged credentials, including those used by third parties and vendors, across your on-premises and cloud infrastructure. Discovery should include every platform (Windows, Unix, Linux, cloud, on-premises etc.), directory, hardware device, application, services/daemons, firewalls, routers etc. This process should also entail gathering the account details that help assess risk, such as privilege level, password age, last logon and expiry dates, group membership, and the services that depend on the account. Discovery should illuminate where and how privileged passwords are being used, and help reveal security blind spots and malpractice, such as:
- Long-forgotten orphaned accounts that could provide an attacker with a back door to your critical infrastructure
- Passwords with no expiration date
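One way to turn the discovery output described above into a risk triage, as an added example that is not part of the article or of any BeyondTrust product: each discovered credential is normalised into a record carrying the attributes the text names (privilege level via group membership, password age, last logon, expiry setting, ownership and dependent services), and a simple assessment flags orphaned accounts, non-expiring passwords and stale passwords. The inventory records, the assessment date, the group names and the 90-day and 180-day thresholds are all constructed assumptions standing in for real scan results and policy.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Policy thresholds: assumed values for this example, tune to your own standard.
MAX_PASSWORD_AGE_DAYS = 90    # privileged passwords older than this are flagged stale
ORPHAN_INACTIVE_DAYS = 180    # no logon for this long and no owner => orphaned
# Groups that confer admin rights on the platforms in the inventory (assumed set).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "root", "sudo",
                     "dba", "AdministratorAccess"}


@dataclass
class Account:
    """One credential returned by discovery, normalised across platforms."""
    name: str
    platform: str                              # Windows / Linux / Oracle / AWS ...
    kind: str                                  # user / service / ssh_key / db / cloud
    groups: set[str] = field(default_factory=set)
    password_last_set: Optional[date] = None   # None = not applicable (e.g. SSH key)
    last_logon: Optional[date] = None          # None = never seen logging on
    password_never_expires: bool = False
    owner: Optional[str] = None                # accountable person/team, None if nobody
    dependents: tuple[str, ...] = ()           # services or jobs that use the credential


def privilege_level(acct: Account) -> str:
    """Coarse privilege tier from group membership and account type."""
    if acct.groups & PRIVILEGED_GROUPS:
        return "admin"
    if acct.kind in {"service", "ssh_key", "db"}:
        return "elevated"
    return "standard"


def assess(acct: Account, today: date) -> list[str]:
    """Findings for one account: the blind spots the discovery step should surface."""
    findings: list[str] = []
    if acct.password_never_expires:
        findings.append("password_never_expires")
    if acct.password_last_set is not None:
        age = (today - acct.password_last_set).days
        if age > MAX_PASSWORD_AGE_DAYS:
            findings.append(f"stale_password:{age}d")
    idle = (acct.last_logon is None
            or (today - acct.last_logon).days > ORPHAN_INACTIVE_DAYS)
    if acct.owner is None and idle:
        findings.append("orphaned")
        if acct.dependents:
            # Disabling or rotating this credential will break something; check first.
            findings.append("has_dependents")
    elif acct.owner is None:
        findings.append("no_owner")
    return findings


def triage(inventory: list[Account], today: date) -> dict[str, tuple[str, list[str]]]:
    """Map account name -> (privilege tier, findings) for every account with findings."""
    report = {}
    for acct in inventory:
        findings = assess(acct, today)
        if findings:
            report[acct.name] = (privilege_level(acct), findings)
    return report


# Constructed sample inventory and assessment date (not real accounts).
TODAY = date(2017, 11, 1)
SAMPLE_INVENTORY = [
    Account("svc_backup", "Windows", "service", {"Domain Admins"},
            password_last_set=date(2015, 3, 10), last_logon=date(2017, 10, 31),
            password_never_expires=True, owner="Infra team", dependents=("BackupJob",)),
    Account("old_contractor", "Windows", "user", {"Domain Admins"},
            password_last_set=date(2016, 1, 15), last_logon=date(2016, 4, 2)),
    Account("deploy_key", "Linux", "ssh_key", {"sudo"},
            last_logon=date(2017, 10, 30), owner="Platform team"),
    Account("oracle_sys", "Oracle", "db", {"dba"},
            password_last_set=date(2017, 9, 15), last_logon=date(2017, 10, 29),
            password_never_expires=True, dependents=("billing-api",)),
    Account("jdoe", "Windows", "user", set(),
            password_last_set=date(2017, 10, 1), last_logon=date(2017, 10, 31), owner="jdoe"),
    Account("legacy_sync", "Linux", "service", set(),
            password_last_set=date(2014, 6, 1), dependents=("cron:nightly_sync",)),
]

if __name__ == "__main__":
    for name, (tier, findings) in sorted(triage(SAMPLE_INVENTORY, TODAY).items()):
        print(f"{name:15s} {tier:9s} {', '.join(findings)}")
```

The `has_dependents` flag is the practical point of collecting service dependencies during discovery: an orphaned credential that a scheduled job still uses cannot simply be disabled or rotated without first re-pointing the job, so it is triaged separately from orphaned accounts that nothing depends on.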
Issue 10
INTELLIGENT TECH CHANNELS