Bugwatch: The hidden hazards of passwords

As passwords change hands or remain unchanged, the likelihood of a security breach increases

Each week vnunet.com asks a different expert to give their views on recent virus and security issues, with advice, warnings and information on the latest threats. This week Calum MacLeod, senior consultant at Cyber-Ark, highlights the dangers of a new disorder affecting the users of administrator passwords.

I may have just made a breakthrough for medical science, and uncovered a genetic disorder that has been overlooked by medical research. This condition has been right under our noses for so long, and yet no one has seen fit to look into it. However, its consequences are significantly more far reaching than we may have realised.

When I became aware that I shared the problem with my father I simply assumed it was a coincidence, but now that I see my son with the same problem I have to accept that it is far more serious than I thought. I call it the 'Carkey Syndrome' and it manifests itself by the sufferer constantly losing his 'car keys'.

Now you may think that this is something that the individual should learn to live with, but unfortunately many sufferers are administrators in IT departments.

The backbone of every enterprise infrastructure is a massive network of servers, network devices, security and other infrastructure that creates the complex communications network, or nerve centre, of a company. Every day, systems, network and security administrators are logging onto these critical infrastructure points for routine maintenance, repair and application of the most updated security patches.

Many of them are running around with 'root' and 'administrator' privileges, either with their personal user or with their commonly used accounts. And they're losing them all the time.

Administrators, like many of us, have the best of intentions, but the more those passwords change hands or remain unchanged, the greater the likelihood of a security breach. Also, because administrative passwords frequently need to be shared, there is an increased risk that they are just left lying around somewhere. This results in administrative passwords becoming widely known and changed less frequently.

Since administrative privileges are required for emergency and disaster recovery, only a reliable password management policy can guarantee that the correct passwords will be promptly available in these time-sensitive circumstances.

As a stopgap measure, many companies store passwords for these systems in files like spreadsheets and simple databases. A quick penetration test will show just how easy it is to get at these documents.

Mismanagement of administrative passwords is a major cause of security breaches and one of the top reasons for long recovery processes from IT failures. The problem would be easy to fix if large organisations did not demand near-instant access for administrators struggling to keep up with crashes and maintenance. But since this is unlikely to change, companies have to look closely at the way passwords are saved, controlled and managed.

The most effective way to reduce the potential hazards of administrators suffering 'Carkey Syndrome' is to apply an effective policy, which should at the very least include the following components:

- Centralised administration
- Secure storage
- Worldwide secure availability
- A dual-control mechanism
- Routinely change passwords and track history
- Intuitive auditing
- Disaster recovery plan

'Carkey Syndrome' is a serious condition which rarely responds to conventional treatment, but there are measures available to reduce the impact on your business. Many companies have found that one of the most effective remedies is to store administrative passwords in a digital vault.

Original article: http://www.vnunet.com/news/1159637