Protecting privileged accounts and actively responding to any potential compromises has become a critical initiative for many CISOs. Stolen credentials are at the heart of nearly all modern attacks and breaches. Attackers can easily obtain credentials via phishing attacks, brute force, keyloggers, pass-the-hash techniques, or by using a database of previously stolen credentials. And once an account is compromised, the attacker can see and do anything that is allowed for that user or account.
The higher the privileges of the account, the more valuable it is to an attacker. Compromise a network administrator, and an attacker would have free rein over the network, its applications, and devices.
However, privileged users are not limited to IT and security staff. Executives often have access to highly sensitive data, and are regularly granted exceptions to standard security policy. Employees and contractors can be granted higher privileges out of short-term necessity, and those privileges are later forgotten. Attackers are highly skilled at finding privilege in the network and turning it to their advantage.
To learn more about best practices for keeping privileged accounts secure, you can download our new paper 6 Tips for Securing Privileged Accounts.
Here is a synopsis of some of the key ways that you can keep these all-important accounts secure.
- Identify and Track Privileged Accounts
Privileged accounts can cause serious damage in the wrong hands. Keeping track of privileged accounts and endpoints is the first step towards keeping them secure.
- Downgrade Accounts Where Possible
Users with unnecessary privileged access are a common problem in many enterprise networks, and one that cyber attackers heavily exploit. Privileged access means a higher risk of compromise for the enterprise network.
- Not all Service Accounts Need Privileged Access
Some service accounts are used by applications that need to make changes only a privileged account can make, and those can be privileged accounts, but not all service accounts need to be privileged. Service accounts should be carefully reviewed and given appropriate access.
- Don't use the Administrator Account as a Shared Account
In many enterprise networks, the administrator account is used for servicing other accounts or making changes in the network. A shared administrator account should never be used as a service account or otherwise.
- Remove Stale Privileged Accounts
As the IT team grows bigger, security teams should review service accounts and privileged user accounts on a regular basis. If a privileged account is stale, security personnel should review it and disable it if it is no longer required.
- Change Default Passwords and Enforce Strict Password Rules
Weak passwords are a common culprit that let cyber attackers into enterprise networks or let them gain access to more servers and user accounts by lateral movement. When it comes to passwords, be different and unique – it could make all the difference.