By: Bob Tarzey, Service Director, Quocirca
Published: 13th March 2012
Copyright Quocirca © 2012
If you are trying to compromise an organisation’s IT systems in some way, then you need to have access. Getting a given user’s log in details is a starting point but might not get you that far, unless they are a user with privilege. Privileged users have much wider ranging access than 'normal' users, often far more than they need. Privileged user accounts are therefore of great interest to hackers.
A responsible system administrator (sys-admin) should at least have a strong password and keep it secret. However, it is clear from recent Quocirca research that there are likely to be plenty of privileged user accounts out there that are not even associated with active sys-admins, let alone responsible ones.
They fall into two categories:
Default privileged user accounts can be searched for and closed down. Ensuring privileges are removed from users that are no longer needed can either be controlled by making the allocation of privileges an extension of standard identity and access management, or by granting all privileges on an 'as needed' basis for a limited period of time through the use of password vaults.
This is not just an issue with regard to external hackers. Ask the French Bank Société Générale; the rogue trader Jérôme Kerviel, who lost it €4.9 billion, perpetrated his fraud and covered his actions for a couple of years because of privileged user access that he had been granted to carry out a previous IT administrator related job, which had not been revoked when he moved to the trading floor.
To see the full research behind this and get a free copy of Quocirca’s report – “Conquering the sys-admin challenge” – go to http://www.osirium.com/alpha-files/wp
We have not received any comments against this entry. Why not be the first?
We automatically stop accepting comments 180 days after a post is published. If you would like to know more about this subject, please contact us and we'll try to help.
Published by: IT Analysis Communications Ltd.
T: +44 (0)190 888 0760 | F: +44 (0)190 888 0761