Advantages and Disadvantages of Open Source Privileged Identity Management


White Paper: How Secure is your sudo? The Good, the Bad, and the Ugly of Open Source Privileged Identity Management (PIM)

Abstract

Though not publicized or romanticized by the Information Technology community, Unix/Linux users have passionately embraced one of three approaches to privileged identity management: an open source solution (i.e., sudo), a commercial solution that is more user friendly, or nothing at all. Though hotly disputed, the fact of the matter is that both solution types do work and both bring high value depending on the IT environment being managed. This white paper illustrates situations where open source solutions like sudo work well, typically in smaller-scale enterprises. It also spotlights red flags for larger companies or companies experiencing significant IT growth. CISOs managing large IT environments, together with the many eyes of the open source community, are consistently finding that sudo creates security, compliance and productivity challenges for large enterprises seeking to protect critical assets. This information can be presented in a negative or a positive light. By stepping back and looking at the good, the bad and the ugly of sudo, enterprises will learn that sudo represents an illusion of control over access to a company's critical assets.

www.beyondtrust.com. BeyondTrust Corporate Headquarters, 30401 Agoura Road, Suite 200, Agoura Hills, CA 91301 USA. Phone: +1 800-234-9072

Table of Contents

The Art of War
Brief History of sudo and Unix/Linux
The Birth of sudo
sudo: The Good
    It is Free
    Additional Layer of Protection to root
    Additional Layer of Protection over Accidents
    Simplified Process for Administrators
    Upgrade in Auditing over Native Unix Systems
    Time-Ticketing System
sudo: The Bad
    Generated Data is Insecure
    IT Control is an Illusion
    There is No Official Support Available
    Log Security and Compliance Questionable
    Lacks Independent QA Testers
    sudo is not Designed for the Enterprise
sudo: The Ugly
    CISOs Do Not Know How Effective Their Security Controls Actually Are
    Real-World Example of sudo's Ugly Side
The True Cost of Free
BeyondTrust Solutions
    Privilege. Made Simple
    Privilege Identity Management for Desktops
    Privilege Identity Management for Servers
    Automated Password Management for Devices, OS & Applications
About BeyondTrust

How Secure is your sudo? 2011. BeyondTrust Software, Inc.

The Art of War

Conflicts of opinion present themselves in different forms. There are very serious conflicts that show themselves in wars between nations, and there are lighter but still passionate conflicts in business, such as Coke versus Pepsi and Microsoft versus Apple, that shift market share and divide consumers. Every one of us in the modern working world has developed opinions and perspectives that lead us to favor one product over another. In the Cola War, some of us prefer the bite of Coke, while others prefer the sweeter taste of Pepsi. In the Platform Wars, loyalty to Windows or Apple transcends even these rational considerations. Some of it has to do with familiarity (i.e., which machine you learned on), but even that is not enough to explain the fierce partisanship that often typifies the computer and software industry.

[Figure: Coke vs. Pepsi illustrates a perfect example of the many conflicts in the business world]

Bring this perspective down to the Privileged Identity Management (PIM) space, which CISOs, IT managers and administrators know well, and the same kind of battle comes into play. Though not publicized or romanticized by the Information Technology community, Unix/Linux users have passionately embraced one of three approaches: an open source privileged identity management solution (i.e., sudo), a commercial solution that is more user friendly, or nothing at all. Though hotly disputed, the fact of the matter is that both solution types do work and both bring high value depending on the IT environment being managed. This white paper illustrates situations where open source solutions like sudo work well, typically in smaller-scale enterprises. It also spotlights red flags for larger companies or companies experiencing significant IT growth.

CISOs managing large IT environments, together with the many eyes of the open source community, are consistently finding that sudo creates security, compliance and productivity challenges for large enterprises seeking to protect critical assets. This information can be presented in a negative or a positive light. What is important is to look at sudo objectively. By stepping back and looking at the good, the bad and the ugly of sudo, enterprises may learn that sudo often represents an illusion of control over access to a company's critical assets.

Brief History of sudo and Unix/Linux

When looking at the history of sudo, it helps to also look at the history of the Unix operating system (OS). Unix was born at Bell Labs in 1969, growing out of the multi-organizational 1960s effort to develop a dependable time-sharing operating system (Multics). The Unix system fostered a distinctive approach to software design: solving a problem by interconnecting simpler tools rather than building large monolithic application programs. The development and evolution of Unix led to a new philosophy of computing, and it has been a never-ending source of both challenges and joy to programmers around the world. After four decades of use, the Unix OS is still regarded as one of the most powerful, versatile and flexible operating systems in the computer world.

[Figure: Tux, the official mascot of Linux, which was conceived from the Unix OS]

Its popularity is due to many factors, including its ability to run on a wide variety of machines, from micros to supercomputers. IT also fell in love with its portability, all of which led to Unix's adoption by many manufacturers. Universities began using Unix for research, but over the years business embraced Unix and began using it to run databases and other business applications. As time went on, more and more business-critical assets were being managed by Unix. Because universities used Unix to create a collaborative environment, access to high-privilege administrative accounts in Unix was based on little more than trust. While this made sense in education, it had the opposite effect in the business world, where protecting access to confidential information is vital to survival.

Over the last four decades, the foundation of IT systems management has been built on the concept of the administrator. Whether root on a Unix or Linux system, a DBA, or a Windows administrator, the administrator role gives the user the power to configure virtually every aspect of a system. Even though the administrator role is the highest level of privilege, access to it is protected by the simplest of controls, such as knowledge of a root password. The root or administrative account has historically been shared among a group of trusted individuals, making it virtually impossible to track the actions of any specific member of that group. Though this scenario was ideal for university use, the IT risk in enterprise use was obviously problematic.

The Birth of sudo

sudo (superuser do) was first written around 1980 at SUNY/Buffalo and has been maintained and released as open source by Todd Miller since 1994. It allows a system administrator to work from his own account and switch to root, or to another user identity available on the system, only for the commands that need to be performed as that user. sudo was also designed to improve logging, so that it can be seen which actions were performed by which individual. Many organizations have used sudo to authorize users to run commands without knowledge of the root password, and a lot of IT organizations praise sudo to their managers, CISOs and CTOs. On the flip side, other enterprises have found drawbacks with sudo, mainly in terms of compliance, because sudo was not designed for the enterprise. Hence, an IT divide of passionate opinion regarding sudo has evolved over the years. Many users point to sudo's feature set and low purchase cost as supporting factors. However, other company stakeholders such as management, compliance auditors and analysts have raised red flags regarding sudo that larger or growing companies need to be cognizant of at the very least.

Whether a stakeholder is just discovering open source or is a veteran, one will come across, or has come across, some of the gotchas, quirks and wow-type experiences. It can be a roller coaster ride of sorts. If one is seasoned enough to navigate the enormous landscape of open source projects, it can be positive, depending upon the IT environment one exists in. Generally, people have been hard-coded to think of technology from one perspective, and open source goes against the grain of our post-modern capitalistic society. Open source yells, "I want to be free for the good of mankind, and I want to unite developers and enthusiasts."

[Figure: 2010 BeyondTrust Customer Survey. Customers familiar with the usage of sudo within their company: Yes 73%, No 27%]

On the other hand, some old adages still ring true, such as "Sometimes you get what you pay for" and "If it sounds too good to be true, it usually is." All sides in the war of opinions over sudo have valid points, and that is why it is important to look at the good, the bad and the ugly of sudo from an objective position while you are analyzing it.

sudo: The Good

It is Free
This is generally one of the most important factors for an enterprise evaluating sudo as a viable solution for Privileged Identity Management. Judging the book by its cover, sudo's zero purchase price is always appetizing to security budgets.

Additional Layer of Protection to root
Too often, organizations fail to achieve the necessary milestones in controlling root access to the heart of IT and its critical assets. Instead, they simply hand out a shared account whose activity is difficult, if not impossible, to correlate to the actions of a single user. With sudo, the root password does not need to be shared with everyone who must perform tasks on Unix/Linux systems.

Additional Layer of Protection over Accidents
Before sudo, mistakes large and small were much harder to pinpoint, and use of a shared account was virtually impossible to audit for accountability over what was actually done on the system. Though limited, sudo does help prevent some of the really horrible things that happen when administrators work as root and try to complete tasks in a hurry, since each privileged command is run individually and recorded.

Simplified Process for Administrators
Though often argued to be a security and compliance risk, sudo can be configured (with the NOPASSWD tag) so that members of a designated group need no additional authentication to become root, which results in higher productivity.

Upgrade in Auditing over Native Unix Systems
Auditing was never a priority in the original design of Unix/Linux, since these systems originated in academic research programs. Though sudo's logging raises serious security and compliance red flags, it is definitely a step in the right direction to log which actions a user performed with privileged access: each accepted command is recorded with the invoking user, the target user, the TTY, the working directory and the full command line.

Time-Ticketing System
When a user invokes sudo and enters their password, they are granted a ticket for five (5) minutes (the default timeout), during which further sudo commands do not prompt again. This gives some protection where there is a danger of leaving a root shell open for others to use at an administrator's keyboard. Two caveats apply: the ticket can be revoked early with sudo -k, and it does nothing for an administrator who starts a root shell with sudo -s or sudo -i and walks away, since that shell stays open regardless of the ticket.
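The auditing point above rests on what a sudo record actually contains. As an added example that is not part of this white paper (and not sudo project code), the following Python script parses sudo's default syslog records, which carry the invoking user, TTY, working directory, target user and the exact command, and summarises them per host. The log lines are constructed for the example, and the host names, users and commands are invented. It flags the two things an auditor looks for first: denied attempts, and accepted commands that hand out an unconstrained shell (a shell, su, or a nested sudo), which is the point where the per-command record stops saying what was actually done. Because the local record is written by the host's syslog daemon into a file that root can edit, a review like this is only meaningful when the records have already been forwarded to a collector the same administrators cannot reach.

```python
"""Summarise sudo's syslog records per host.

Added example for this page; not BeyondTrust code and not part of the sudo
project. The log lines in SAMPLE_LOG are constructed to match sudo's default
syslog record; the host names, users and commands are invented.
"""
import re
from collections import defaultdict

# Accepted command:  "<user> : TTY=pts/0 ; PWD=/home/u ; USER=root ; COMMAND=/bin/ls"
# Rejected attempt:  "<user> : user NOT in sudoers ; TTY=... ; PWD=... ; USER=... ; COMMAND=..."
# i.e. a rejection carries its reason before the first " ; ".
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+) : (?:(?P<reason>[^;]*?) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Programs that hand the caller an unconstrained shell as the target user; from
# this point on the per-command record no longer says what was actually done.
SHELL_CMDS = {"sh", "bash", "dash", "ksh", "zsh", "su", "sudo"}


def parse_line(line):
    """Return a dict for a sudo record, or None for any other syslog line."""
    m = SUDO_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["denied"] = rec["reason"] is not None
    prog = rec["cmd"].split()[0].rsplit("/", 1)[-1]
    rec["shell"] = prog in SHELL_CMDS
    return rec


def summarise(lines):
    """Per host: accepted count, denied count, and who obtained a shell as whom."""
    hosts = defaultdict(lambda: {"ok": 0, "denied": 0, "shells": []})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        entry = hosts[rec["host"]]
        if rec["denied"]:
            entry["denied"] += 1
        else:
            entry["ok"] += 1
            if rec["shell"]:
                entry["shells"].append((rec["user"], rec["runas"], rec["cmd"]))
    return dict(hosts)


# Constructed sample: what a collector holds after two hosts forwarded their authpriv log.
SAMPLE_LOG = [
    "Jan 12 10:15:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/service httpd restart",
    "Jan 12 10:16:40 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash",
    "Jan 12 10:19:30 db01 sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash",
    "Jan 12 10:20:12 db01 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow",
    "Jan 12 10:21:03 db01 sudo:    carol : TTY=pts/2 ; PWD=/var/lib/pgsql ; USER=postgres ; COMMAND=/usr/bin/psql",
    "Jan 12 10:25:55 db01 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/su -",
    "Jan 12 10:30:00 web01 sshd[2201]: Accepted publickey for alice from 10.0.0.5 port 50022 ssh2",
]

if __name__ == "__main__":
    for host, entry in sorted(summarise(SAMPLE_LOG).items()):
        print(f"{host}: {entry['ok']} accepted, {entry['denied']} denied")
        for user, runas, cmd in entry["shells"]:
            print(f"  shell obtained: {user} -> {runas} via {cmd}")
```

Run against the constructed lines, it reports alice obtaining a root shell on web01 and carol doing the same through su on db01, plus two rejected attempts by bob. Everything carol typed after su is invisible to sudo's log, which is exactly why a policy that allows su or a shell is as good as a shared root password.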

sudo: The Bad

Generated Data is Insecure
sudo's security rests entirely on the sudo binary and its configuration files on each host. sudo lacks the tools needed to protect the integrity of the security data it generates: a user who reaches root through it can edit the policy, the binary and the local log records alike.

IT Control is an Illusion
sudo can be made to invoke a shell over which it has no control whatsoever. A rule that allows a program with a shell escape (an editor such as vi, a pager such as less, or any interpreter) lets an experienced user drop to an unconstrained root shell and obtain full access over valuable systems and applications. sudo's control file delegates privileged commands based on user, group, host, command and command arguments. Many organizations write policy files based on these filters, but that does not by itself make an organization compliant. To ensure proper control, further constraints have to be applied to each policy: at a minimum, the NOEXEC tag or sudoedit for anything that edits or pages files, and no wildcards in command arguments, since a wildcard also matches spaces and therefore lets extra arguments through.

There is No Official Support Available
Since sudo is open source, there is no directly accountable vendor to call upon if an organization encounters technical problems with sudo itself; support for the packaged binary usually comes bundled with a commercial operating system subscription rather than from the project. There is a very large sudo community that collaborates over common problems and solutions, and many people work very hard to help others with issues. Still, the unpredictability of researching and retrieving a correct fix in a timely manner translates to lower productivity and higher cost in managing privileged identities.

Log Security and Compliance Questionable
While sudo logs and tracks user activity over privileged accounts, it is very difficult to ensure the safety of sudo's logs. sudo does not natively protect its log records from alteration: on the host they are written through syslog, or to a local log file, where root can edit or delete them, and sudo itself has no facility to ship them to a separate log server, which is a best practice for security and compliance. Forwarding therefore depends on the host's syslog configuration being set up and itself protected from the same privileged users. (Later sudo releases, from 1.9 onward, added a log server of their own, but the copies left on the host remain under root's control.)

Lacks Independent QA Testers
When an organization is seeking to protect assets worth significant amounts of money, it is prudent to ensure that the solution being implemented has been tested and validated with regard to its security and functional features. Though there are many contributors to issues and features, there is no dedicated group of QA testers to provide assurance that the product is enterprise ready.
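The "IT Control is an Illusion" point above comes down to what the sudoers policy actually grants. Below is an added example, not from this white paper and not sudo's own tooling, of a small Python lint for a sudoers policy; the policy text is constructed and its host and user names are invented. It reads rules of the form user host = (runas) [TAG:] command, ..., expands Cmnd_Alias entries, and reports the cases the section describes: ALL commands (with or without NOPASSWD), programs with shell escapes granted without the NOEXEC tag, wildcard arguments, and "!" exclusions, which the sudoers manual itself warns are bypassed by copying the excluded binary under another name. It implements only the subset of the sudoers grammar needed for those checks (no Host_Alias matching on the host field and no Defaults checks).

```python
"""Lint a sudoers policy for rules that amount to an unconstrained root shell.

Added example for this page; it is not sudo's own tooling and not BeyondTrust
code. SAMPLE_POLICY is constructed, with invented host and user names.
"""
import re

# Programs from which a user can spawn a shell or run arbitrary code. Editors
# and pagers are the classic cases; interpreters, find and su are added here.
SHELL_ESCAPE = {"vi", "vim", "view", "less", "more", "man", "find", "awk",
                "perl", "python", "python3", "sh", "bash", "su"}
# Tag pairs that switch one state on or off; the NO* form turns the state on.
TAG_STATE = {"NOPASSWD": "NOPASSWD", "PASSWD": "NOPASSWD",
             "NOEXEC": "NOEXEC", "EXEC": "NOEXEC"}
OTHER_TAGS = {"SETENV", "NOSETENV", "LOG_INPUT", "NOLOG_INPUT", "LOG_OUTPUT",
              "NOLOG_OUTPUT", "MAIL", "NOMAIL", "FOLLOW", "NOFOLLOW"}
RULE_RE = re.compile(r"^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*(?P<cmds>.+)$")
ALIAS_KINDS = ("Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")


def load_policy(text):
    """Join continuation lines, drop comments and Defaults; return (aliases, rules)."""
    aliases, rules = {}, []
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue
        if line.startswith(ALIAS_KINDS):
            name, members = line.split(None, 1)[1].split("=", 1)
            aliases[name.strip()] = [m.strip() for m in members.split(",")]
            continue
        m = RULE_RE.match(line)
        if m:
            rules.append(m.groupdict())
    return aliases, rules


def expand(item, aliases, depth=0):
    """Replace an alias name by its members, recursively (bounded depth)."""
    if item in aliases and depth < 8:
        for member in aliases[item]:
            yield from expand(member, aliases, depth + 1)
    else:
        yield item


def commands(spec, aliases):
    """Yield (state, command) for each entry of a Cmnd_Spec_List.

    A tag such as NOPASSWD: or NOEXEC: applies to its own command and to
    every later command in the same list, so the state carries across items."""
    state = {"NOPASSWD": False, "NOEXEC": False}
    for item in (s.strip() for s in spec.split(",")):
        item = re.sub(r"^\([^)]*\)\s*", "", item)      # strip a (runas) prefix
        while ":" in item:
            head, rest = item.split(":", 1)
            tag = head.strip().upper()
            if tag in TAG_STATE:
                state[TAG_STATE[tag]] = tag.startswith("NO")
            elif tag not in OTHER_TAGS:
                break                                    # a ':' inside the command itself
            item = rest.strip()
        for cmd in expand(item, aliases):
            yield dict(state), cmd


def lint(text):
    """Return findings as (who, host, command, code, message) tuples."""
    aliases, rules = load_policy(text)
    findings = []
    for r in rules:
        for state, cmd in commands(r["cmds"], aliases):
            where = (r["who"], r["host"], cmd)
            if cmd == "ALL":
                findings.append(where + ("ALL", "every command is allowed; this is root by another name"))
                if state["NOPASSWD"]:
                    findings.append(where + ("NOPASSWD-ALL", "root with no re-authentication at all"))
                continue
            if cmd.startswith("!"):
                findings.append(where + ("NEGATION", "'!' exclusions are bypassed by copying the binary elsewhere"))
                continue
            argv = cmd.split()
            prog = argv[0].rsplit("/", 1)[-1]
            if prog in SHELL_ESCAPE and not state["NOEXEC"]:
                findings.append(where + ("SHELL-ESCAPE", f"{prog} can spawn a shell; add NOEXEC: or use sudoedit"))
            if any("*" in a or "?" in a for a in argv[1:]):
                findings.append(where + ("WILDCARD", "a wildcard also matches spaces, so extra arguments get through"))
    return findings


SAMPLE_POLICY = """\
# Constructed sample policy for this example; hosts and users are invented.
Defaults    env_reset, logfile=/var/log/sudo.log
User_Alias  WEBOPS = alice, bob
Cmnd_Alias  SERVICES = /usr/sbin/service httpd *, /usr/sbin/service nginx *
Cmnd_Alias  EDITORS = /usr/bin/vim, /usr/bin/less

root        ALL = (ALL) ALL
%wheel      ALL = (ALL) NOPASSWD: ALL
WEBOPS      web01,web02 = SERVICES, /usr/bin/less, NOEXEC: EDITORS
carol       db01 = (postgres) /usr/bin/psql, /bin/cat /var/log/*
dave        ALL = ALL, !/bin/su, !/usr/bin/passwd root
"""

if __name__ == "__main__":
    for who, host, cmd, code, msg in lint(SAMPLE_POLICY):
        print(f"{code:13} {who:8} {host:12} {cmd!r}: {msg}")
```

Two details in the sample are deliberate. The bare /usr/bin/less before NOEXEC: EDITORS is flagged while the same program inside EDITORS is not, because a tag applies from its position to the end of the list; reordering the entries changes the policy. NOEXEC works by preloading a library into the program sudo starts, so it only constrains dynamically linked executables; for file editing, sudoedit avoids the problem altogether.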

sudo is not Designed for the Enterprise
Can sudo work in an enterprise? Yes. But was sudo really designed for the enterprise? Looking at the history of sudo, it is safe to say no. Since sudo was not intended for large-scale deployments, it simply lacks the enterprise development discipline needed in security solutions. sudo is a good stepping stone for smaller-scale environments, but it lacks the architectural vision and the general code security that protecting critical assets calls for.

When sudo is deployed with the enterprise in mind, with the sudoers policy centralized in an LDAP server, consistency can be achieved and enforced. When policies are written in terms of user names, well-defined security policies can be put in place most of the time. However, when policies mix the two (user names and group names), an organization can end up with conflicting policies that are then patched with a potentially ever-growing list of constraints. The conflict is resolved silently: where several sudoers entries match the same user, host and command, the last matching entry wins, not the most specific one, so a later group rule can quietly widen what an earlier user rule was meant to restrict. This leads to maintenance issues and a weakened security environment.

[Pull quote: While sudo has value in smaller-scale environments, in an enterprise sudo forces organizations to choose between productivity and compliance]

sudo: The Ugly

CISOs Do Not Know How Effective Their Security Controls Actually Are
According to Forrester's March 2010 report, The Value of Corporate Secrets, CISOs rely more on faith than on facts for proof of the effectiveness of their data security programs. sudo has won favor with many IT users and administrators, and if CISOs are told that sudo is effectively managing privileged identities, chances are they will believe what they are told without metrics to support such statements. Forrester found that regardless of information asset value, spending, or number of incidents observed, nearly every company rated its security controls as equally effective, even though the number and cost of incidents varied widely. Even enterprises with a high number of incidents are still likely to imagine that their programs are very effective. Security managers need to develop a process for tracking key performance indicators that measure the effectiveness of their data security programs, sudo included, with metrics such as the frequency and cost of incidents. Meeting security and compliance mandates with sudo can become very ugly for auditors and administrators and raise costs significantly, even though sudo is initially a cost-saving solution.

Real-World Example of sudo's Ugly Side
CETREL S.A. (www.cetrel.lu), a leader in advanced electronic payment technology, an expert in electronic transfers and a trusted partner for electronic payment offerings, experienced significant compliance and auditing challenges using sudo to manage its IT environment. Nicolas Debeffe, head of operational security at CETREL, is responsible for overseeing CETREL's security operations, which include its complex IT environment. For the last several years, Mr. Debeffe's security team had been using sudo to manage their critical Unix/Linux assets and to trace any access by CETREL's support teams to application or generic users.

[Figure: 2010 BeyondTrust Customer Survey. Average number of Unix/Linux servers per company: 255; average number of servers using sudo: 183]

While sudo initially seemed to manage CETREL's IT environment, the team soon discovered an imminent need for a simpler and more secure way to manage access and accountability for generic users. "As we have been continually adding Unix and Linux servers to our environment, as required for our operations, it was clear sudo raised significant red flags over the adequate security of our logs required by PCI DSS mandates," said Nicolas Debeffe. "Productivity was being hindered, as reviewing sudo logs required accessing every server individually. Furthermore, sudo logs were alterable by the super user, and the sudo configuration time required by system engineers was simply unacceptable," added Debeffe.

This example is a very common and real challenge for security managers globally, and the sooner organizations recognize such red flags, the sooner preventive measures can be implemented from a strategic and compliance perspective.

The True Cost of Free

As stated earlier, people have generally been hard-coded to think of technology from one perspective, and open source goes against the grain of our post-modern capitalistic society. Open source yells, "I want to be free for the good of mankind, and I want to unite developers and enthusiasts." On the other hand, some old adages still ring true, such as "Sometimes you get what you pay for" and "If it sounds too good to be true, it usually is." All sides in the war of opinions over open source have valid points, which is why it is important to look at the good, the bad and the ugly of any solution you are analyzing.

[Figure: Analyzing metrics to determine accurate value within IT can be a daunting task]

Key questions to ask when evaluating Privileged Identity Management solutions, whether open source or commercial, include:

1. What is the cost of the solution?
2. What is the cost to implement the solution effectively in our IT environment?
3. What is the cost to manage and audit such tools, including:
   a. man-hours to enforce policy changes across the network
   b. man-hours to add new environments
   c. man-hours to code reports
   d. audit costs related to security and compliance
4. Has the solution been properly tested and vetted to meet security and compliance requirements?

Let's face it: organizations are in the process of adapting to this new virtual, collaborative IT environment, and with adaptation comes the enormous challenge of ensuring that privileged access to critical information is not misused. Walls like sudo that may have worked a decade ago are now practically irrelevant, as users seek ways around, over or under these obstructions because they interfere with their main job duties.

As we move forward in this evolving era, it is important to develop an awareness of how to protect our resources, whatever they may be, using boundaries to guide us rather than walls. Well-defined boundaries enable end users and applications to communicate freely within an IT environment without worry of intentional, accidental or indirect misuse of privilege. Boundaries allow a more productive and compliant dialogue to take place between users and the IT department and proactively deter attempts at misuse. If boundaries are respected, then IT remains in control of security, compliance and productivity, and has the authority to take proactive steps to protect the enterprise. Privileged identity management governs critical business systems, and if it is not managed correctly it can introduce significant compliance, security and productivity risks, as shown in this white paper. It is always good to ask, "What is the true cost of this solution?"

BeyondTrust Solutions

Privilege. Made Simple
BeyondTrust empowers IT to eliminate the risk of intentional, accidental and indirect misuse of privileges on desktops and servers with globally proven solutions that increase security and compliance without impacting productivity. A system administrator's productivity increases by 25% by using PowerBroker to centrally maintain Unix/Linux security policies and to produce audit-friendly logs necessary for compliance. In today's collaborative environments, organizations need to provide the extended enterprise with the privileges necessary to do their jobs. However, in order to increase security, compliance and productivity, organizations must not distribute root passwords or admin rights. BeyondTrust transparently brokers server and desktop permissions, providing a globally proven solution to privilege authorization that enables users to access the IT resources they need when they need them, and enables organizations to remain secure and compliant.

[Figure: BeyondTrust. Privilege. Made Simple]

Privilege Identity Management for Desktops
Privilege Manager enables organizations to remove administrator rights and allow end users to run all required Windows applications, processes and ActiveX controls.

Privilege Identity Management for Servers
PowerBroker gives system administrators the ability to delegate privileges and authorization without disclosing the root password on Unix, Linux and Mac OS X servers. Centrally managed via a web-based console, its auditing includes event and keystroke logging of privileged access.

Automated Password Management for Devices, OS & Applications
PowerKeeper is an Automated Password Management (APM) solution for access control, manageability and audit of all types of privileged accounts.

About BeyondTrust

BeyondTrust is the global leader in privilege authorization management, access control and security solutions for virtualization and cloud computing environments. BeyondTrust empowers IT governance to strengthen security, improve productivity, drive compliance and reduce expense. The company's products eliminate the risk of intentional, accidental and indirect misuse of privileges on desktops and servers in heterogeneous IT systems. With more than 25 years of global success, BeyondTrust is the pioneer of Privileged Identity Management (PIM) solutions for heterogeneous IT environments. More than half of the companies listed on the Dow Jones Industrial Average rely on BeyondTrust to secure their enterprises. Customers include eight of the world's 10 largest banks, seven of the world's 10 largest aerospace and defense firms, and six of the 10 largest U.S. pharmaceutical companies, as well as renowned universities. The company is privately held and headquartered in Carlsbad, California, with offices in Los Angeles, the Greater Boston area and Washington DC, as well as EMEA offices in London, UK. For more information, visit www.beyondtrust.com.