
Discover Privileged Accounts on Your Network

Controlling privileged access is a lot like mowing the lawn. It’s much easier to just keep it short and cut it every week, but sometimes it’s easy to forget about it for one week… and then two… until it’s all overgrown with weeds and rodents and needs considerable work to get back to its easily maintainable state.

Industry statistics show that many organizations have let their privileged accounts grow out of control. 81% of hacking-related breaches involved stolen credentials, while 50% of organizations don't even audit their privileged accounts. This is why large organizations are constantly making headlines for security slip-ups: privileged accounts and users are a liability that is often overlooked and misunderstood.

The first step to regaining control of the situation is to discover the privileged accounts on your network by conducting a privileged account audit.

 

The Privileged Access Problem


 

Before conducting a privileged account audit, it’s important to understand why the problem exists in the first place. IT is tasked with managing the different privileged access needs for potentially thousands of users across their entire network. Properly provisioning, revoking, and monitoring this access is a complex task that is impractical to do manually (which is the method that 66% of organizations rely on, according to the State of PAM survey).

Looking for a quick fix - or sometimes, out of pure necessity and lack of a better option - organizations start giving everyone and their dog privileged access. Everything operates smoothly and IT managers can finally take a breath. Everyone is happy... until disaster strikes. An internal or external audit finds that months earlier, hackers got hold of privileged credentials, which they used as a foothold to move into and across the system, breach other privileged accounts, and access sensitive information (such as credit cards, social security numbers, other usernames and passwords, etc.). They’ve made quite the mess, which is inevitably followed by bad publicity and compliance fines.

If your IT systems are overwhelmed with privileged accounts, the first step to solving the problem is to gather as much relevant information about the situation as possible by auditing for privileged accounts.

 

How to Identify Privileged Accounts in Windows, Linux, Active Directory, and more


 

Privileged accounts can live anywhere, and finding them manually across UNIX, Windows, and Linux platforms with all kinds of different applications and devices is extremely tedious and ineffective. To make the task manageable, we developed the PAM Sniffer, a free tool for privileged account discovery.


The tool plugs into Windows, Unix and Linux operating systems to identify privileged accounts. It can also search a range of IP addresses, domains, or directory services such as Active Directory. Just enter the server details along with your administrator credentials, and the PAM Sniffer will export a text list of privileged accounts on the system.


The text list gives you insights about your privileged accounts, which include:

  • Operating system

  • Days since last password change

  • Last login time

  • Whether or not the password expires

  • If the account has been locked

  • If the account is expired

  • Other details such as account name and type


All of the information can then be exported into an Excel spreadsheet where you can further analyze the accounts. This will be useful in the second phase of privileged account management, which is creating a remediation plan to get those accounts under control.

 


*Note - the PAM Sniffer is included for free in the Privileged Account Manager 30-day trial. Just download the trial from the link above, and you will also receive the PAM Sniffer.

 

If you’d like to conduct more of a manual audit, you could also use PowerShell scripts to identify the accounts. This works pretty well in Windows (Active Directory, mostly), but scripts are a little harder to come by for Linux and Unix. Scripts also don’t provide you with the same features that the PAM Sniffer does, but hey, some people like to do it the hard way. Below are links to a few of those PowerShell scripts.

Check out Active Directory PowerShell scripts here and here.

Windows PowerShell script here.
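One way to run the manual Active Directory audit described above, as an added example that is not from the original post, the linked scripts, or the PAM Sniffer. It reports the same attributes listed earlier (password age, last login, password expiry, lockout, account expiry) for members of the default privileged groups; the group list, the output path and the 365-day threshold are assumptions to adjust for your domain.

```powershell
# Added example: inventory members of well-known privileged AD groups.
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# Assumption: default built-in group names; add your own delegated admin groups.
$PrivilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins',
                    'Administrators', 'Account Operators', 'Backup Operators'
$OutFile      = '.\privileged-accounts.csv'   # hypothetical output path
$MaxPwdAgeDays = 365                          # assumed review threshold

$now   = Get-Date
$props = 'PasswordLastSet', 'LastLogonDate', 'PasswordNeverExpires',
         'LockedOut', 'AccountExpirationDate', 'Enabled'

$report = foreach ($group in $PrivilegedGroups) {
    try {
        # -Recursive expands nested groups so indirect members are not missed.
        $members = Get-ADGroupMember -Identity $group -Recursive -ErrorAction Stop |
                   Where-Object { $_.objectClass -eq 'user' }
    } catch {
        # e.g. Enterprise/Schema Admins only exist in the forest root domain.
        Write-Warning "Skipping '$group': $($_.Exception.Message)"
        continue
    }
    foreach ($m in $members) {
        $u = Get-ADUser -Identity $m.distinguishedName -Properties $props
        $pwdAge = if ($u.PasswordLastSet) { ($now - $u.PasswordLastSet).Days } else { $null }
        [pscustomobject]@{
            Group                   = $group
            Account                 = $u.SamAccountName
            Enabled                 = $u.Enabled
            DaysSincePasswordChange = $pwdAge   # $null = password never set
            LastLogon               = $u.LastLogonDate
            PasswordNeverExpires    = $u.PasswordNeverExpires
            LockedOut               = $u.LockedOut
            AccountExpired          = [bool]($u.AccountExpirationDate -and
                                             $u.AccountExpirationDate -lt $now)
        }
    }
}

# Full inventory for the spreadsheet analysis, one row per group membership.
$report | Sort-Object Account, Group | Export-Csv -Path $OutFile -NoTypeInformation

# Quick triage view: enabled accounts with stale or non-expiring passwords.
$report | Where-Object { $_.Enabled -and
          ($_.PasswordNeverExpires -or $_.DaysSincePasswordChange -gt $MaxPwdAgeDays) } |
          Format-Table Group, Account, DaysSincePasswordChange, PasswordNeverExpires, LastLogon
```

`LastLogonDate` is derived from the replicated `lastLogonTimestamp` attribute, so it can lag the real last logon by up to about two weeks. Service accounts that are not of object class `user` (for example group managed service accounts) are filtered out here and need a separate pass.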


 

Next steps


 

Your privileged account audit will provide the base to work towards a comprehensive solution, which will allow you to eliminate unnecessary privileged accounts, simplify audits, ensure compliance, and automate the entire process of provisioning and revoking privileged access while continuously monitoring risks. The objective is to enhance security and operations at the same time - great security allows for great and efficient operations.

Conducting a privileged account audit is the first of the four steps illustrated below.



Look at our previous post, “How to Manage Privileged Accounts and Identities”, which talks about the entire solution, and look for our next posts about creating a remediation plan for privileged accounts.

Have a question about Privileged Account Management, PAM Sniffer, or PAM in general? Please leave a comment below or visit our forums.