Scott Walker, Senior Solutions Engineer EMEA, BeyondTrust, explores exactly what a superuser account is, the security implications of a misused account and how to best protect and manage them.
One of the biggest issues facing organisations is the elimination of bad practices related to the use and abuse of privileged accounts. Organisations frequently suffer from unrealistic policies that are being bypassed, usually because of a lack of resources or having no policies in place at all.
But of these privileged accounts, one with which organisations may not be well acquainted, concerns ‘superuser’ accounts.
Superuser accounts exist virtually within every organisation and require elevated levels of access – users range from specialist IT administrators, help desk people, developers, even third-party vendors and other applications that need to talk to databases or other applications to exchange information. These users also need a privileged account in order to carry out their tasks, which means there’s a lot of risk associated with these superuser accounts.
These superusers and accounts may have virtually unlimited privileges, or ownership, over a system. Superuser account privileges may allow:
- Full read / write / execute privileges
- Creating or installing files or software
- Modifying files and settings
- Deleting users and data
Given how powerful these accounts are, it’s important that businesses are aware of the security implications they entail, the best practices for securing them and key technologies for managing and protecting superuser accounts.
Superuser accounts in operating systems
In order to protect and manage superuser accounts, businesses firstly need to be aware of the different operating systems that superuser accounts exist within, which include Windows, Linux and Unix / Unix-like systems.
In Windows systems, the administrator account holds superuser privileges in which each computer has at least one administrator account. The administrator account allows the user to install software, change local configurations and settings, and more. Standard users have a considerably restricted set of privileges, while guest user accounts are customarily limited even further, such as to just basic application access and Internet browsing.
In Linux and Unix-like systems, the superuser account, named ‘root’, is virtually omnipotent, with unrestricted access to all commands, files, directories and resources. Root can also grant and eliminate any permissions for other users. While Mac OS X is Unix-like, unlike Unix and Linux it is rarely deployed as a server. As a default, Mac users run with root access — however, as a best security practice, a non-privileged account should be created and used for routine computing to reduce the scope of privileged threats.
Security implications of superuser accounts
When misused, either inadvertently (i.e. mistyping a powerful command or accidentally deleting an important file), or with malicious intent, superuser accounts can wreak catastrophic damage upon a system or an entire organisation.
Most security technologies are helpless in protecting against superusers because they were developed to protect the perimeter – but superusers are already on the inside. Superusers may be able to change firewall configurations, create backdoors and override security settings, all while erasing traces of their activity.
Insufficient policies and controls around superuser provisioning, segregation and monitoring further heighten risks. For instance, database administrators, network engineers and application developers are frequently given full superuser-level access. Sharing of superuser accounts among multiple individuals is also a rampant practice, which muddles the audit trail. And in the case of Windows PCs, users often log in with administrative account privileges –far broader than what is needed.
Cybercriminals, irrespective of their ultimate motives, actively seek out superuser accounts knowing that, once they compromise these accounts, they essentially become a highly privileged insider. Additionally, malware that infects a superuser account can leverage the same privilege rights of that account to propagate, inflict damage and pilfer data.
In one of the more infamous tales of a rogue insider, Edward Snowden, an IT contract worker for the NSA, abused his superuser privileges to access, copy and leak over one million highly sensitive NSA files. In the wake of this scandal, the NSA targeted 90% of it system administrators for elimination, to better establish a least-privilege security model.
Superuser accounts need protecting and monitoring
Organisations need to protect and rein in superuser accounts to ensure they are not being misused and exploited – in order to so, implementing the following best practices are essential:
- Enforce least privilege access: Limit superuser membership to the minimum people. Ensure that each user has the absolute minimum privileges they need to do their job. This can mean elevating privileges temporarily when needed (such as to an application), but without granting full superuser rights to the user account. In Unix and Linux systems, the sudo (superuser do) command allows a normal user to temporarily elevate privileges to root-level, but without having direct access to the root account and password.
- Segment systems and networks: By partitioning users and processes based on different levels of trust, needs and privilege sets, you can constrain where and how a superuser can act.
- Enforce separation of privileges: This will entail separating superuser functions from standard account requirements, separating auditing and logging capabilities within the administrative accounts and even separating system functions (read, edit, write, execute, etc.).
- Enforce superuser password rotation and security: Passwords should meet rigorous security standards. Passwords should be regularly rotated, including after each use for the most powerful accounts.
- Monitor and audit all superuser sessions: Record, log, audit and control all superuser session activity to provide accountability and meet with compliance demands.
The challenge of course, is how to ensure these best practices are enforced – the only way to deal with this in an effective manner is by implementing a robust solution that manages privileged accounts.