Security, et al

Sudo is awesome and so is every other technology that helps you implement least privilege over admins. But at the end of the day you are just getting more granular with the risk but the risk is still here. Take a help desk staffer who needs to handle forgotten password resets for end users. Giving a privileged user like that just the authority she needs to get her job done is way less risky than giving her full root authority. But there’s still risk, right? If she is dishonest or becomes disgruntled she can reset the password of your chief engineer or CEO and access some heavy duty information.

So with any trusted user (whether a privileged admin or end user whose responsibilities require access to sensitive resources) you are ultimately left with detective/deterrent controls. You can’t prevent a user from trying to use whatever authority they have for evil but at least you can audit their activity. Ideally this gives you the chance to detect it and respond and at the very least it ensures accountability which is an important deterrent control. After all if you know everything you do is being recorded and subject to review, you think more than twice about doing something bad.

Besides being in control against malicious insiders, a privileged user audit trail is irreplaceable in today’s environment of advanced and persistent attackers. Such attackers actively try to gain privileged access so you also need the ability to actively monitor privileged user activity for quick detection of suspicious events.

In past webinars with BeyondTrust I’ve talked about how to use sudo to control what admins can do. In this webinar I’ll look at how to audit what admins do inside Linux and UNIX with sudo’s logging capabilities.

Click here to register now.