Overview#
Managing Privileged Accounts#
Recently when working with a client there was a scenario where some "White-Hat" hackers who already had full administrative access to a machine and possessed many specialized tools was able to obtain the credentials of another administrator.Now to be clear, the organization already was:
- using separate administrative accounts for each user.
- the administrative accounts were separate from the user's non-administrative account
- administrative accounts had a password expiration policy that was enforced.
What was Done#
There was a decision to:- reduce the access to the Microsoft Active Directory team's accounts less than "Domain Administrators"
- place "all" "Domain Administrators" access within a check-out Privileged Account Management system.
The organization already had a Multi-Factor Authentication application in place and it was suggested that this be used instead.
Conclusion[1]#
Organizations can substantially benefit by having a process in place for the use and management of administrative privileges. A robust process for the management of administrative privileges includes:- Providing clarity on what administrative privileges are necessary
- Minimizing the use of shared administrative accounts
- Having a method of being able to verify the privileges associated with each account
- Having a method of reliably controlling and monitoring the use of account privileges
Not only will having a robust process for the oversight of administrative privileges bring peace of mind to management, it will also provide organizations with better security. Developing a robust process for the management of administrative privileges involves first developing policies for administrative privilege use and then determining the appropriate mechanisms to enforce those policies.
More Information#
There might be more information for this subject on one of the following: ...nobody- [#1] - The Importance of Managing Privileged Accounts
- based on information obtained 2016-03-27