Manage Superuser and Root Privileges with
Novell Privileged User Manager
Written by Ken Baker
Whether Linux or UNIX drives your mission-critical services and applications, your servers are the backbone of your IT infrastructure. But when multiple users in different types of roles need administrative access to those systems, it can be a major challenge to securely control that access—especially if those users all have unbridled superuser or root-account access. The more users in your organizations with carte blanche control of your IT resources, the more you leave yourself open to costly security risks and regulatory penalties. The seriousness of this concern becomes even more evident when you realize that according to the Verizon 2010 Data Breach Investigations Report, 48 percent of all breeches originate internally, with a large portion of those due to improper access or misuse of credentials.
The high security risks associated with granting administrators and developers full superuser and root-account privileges should make you reevaluate how and to whom you grant privileges. It’s very likely that many of your administrators really only need limited access to your systems to perform specific functions that require superuser privileges. So how do you limit their privileges to the access that they actually need? That’s where Novell Privileged User Manager comes in to action.
According to the Verizon 2010 Data Breach Investigations Report, 48 percent of all breeches originate internally, with a large portion of those due to improper access or misuse of credentials.
Policy-Controlled Command Execution
Novell Privileged User Manager removes the need for administrators or programmers to know the root-account credentials for Linux and Unix servers, operating instead on the concept of “least privileges” (limiting users’ privileges to only what is absolutely necessary to perform their jobs) and using a process of delegation. Rather than providing root credentials to your administrators so they can do their jobs, delegation lets users log in with their unique user ID and password and assume the root account rights needed to perform a specific action. So, when a logged-in user attempts to execute a specific command that requires superuser or root privileges, Novell Privileged User Manager uses policy to determine whether its execution should be allowed. If authorized, Novell Privileged User Manager executes the command on that target host using privileged-account credentials on behalf of the user.(See Figure 1.)
To enable this, Novell Privileged User Manager sits between the user and the operating system, intercepting typed commands and sending those commands to a central authorization data base for approval. Novell Privileged User Manager determines approval according to policies you define in the context of who the user is, what the command is, where it’s being executed and when it’s being executed. It can also provide separation-of-duty verification and accountability of user actions. Privileged User Manager eliminates the need for users to know the superuser or root password, while still allowing them to do their jobs.
A powerful aspect of Novell Privileged User Manager is its centralized, policy-based architecture. You define policies in a single location, and Privileged User Manager automatically and consistently enforces the policies across every Linux, UNIX and Windows server in your environment. When you make a policy change, the policy is updated in real time and automatically enforces the revised policy consistently across all servers. As a result, you don’t have to touch every box to control or change specific privileges for users’ local accounts, allowing you to react more quickly to emerging security concerns or changes in regulatory rules.
To help you ensure that delegated superuser or root privileges are being used in a proper manner, Novell Privileged User Manager watches everything the user does on the server. According to policy, you can have it record single commands or entire user sessions. It extracts full keystroke data, storing it in secure, redundant data bases. It automatically analyzes and grades the collected commands based on activity risk levels, the user, the host, the working directory and the typed command, and then presents them with color-code risk ratings to help you or auditors make sense of large amounts of event and session data.(See Figure 2.) You can even drill down into a session event to view and playback its keystroke activity. Novell Privileged User Manager can also provide you real-time alerts of anomalies or command attempts that don’t adhere to policy.
Modular Framework Architecture
The following four main architectural components make up the Novell Privileged User Manager product:
The framework provides the product's modular plug-and-play functionality and scalability so its different manager modules and agents can be deployed as needed. It provides a centralized registry that enables services and administration of the entire framework from any single point on the enterprise network. The framework handles distribution of components, acts as a certificate authority, and ensures communication between the product’s various components.
Novell Privileged User Manager removes the need for administrators or programmers to know the root-account credentials for Linux and Unix , operating instead on the concept of “least privileges.”
The Manager Modules comprise a collection of modules that can be plugged into the framework to provide a variety of different services and functions, including the following:
- Command Control Manager – The policy data base
- Audit Manager – A collection of data bases that maintain a history of the events and keystrokes for audit purposes
- Registry Manager – Maintains a data base of all framework hosts and modules, and provides certificate-based registration features for the hosts
- Access Manager – Maintains a list of user accounts and provides authentication services
- Package Manager – Manages a repository for the different modules and components in the product
Manager modules can be distributed onto multiple framework hosts to provide load balancing and fail-over for the framework.
Command Control Agent
The Command Control agent provides both client- and remote-execution functionality. It obtains command execution approval from the Command Control Manager and acts as the product's policy enforcement point, authorizing or denying the execution of commands based on decisions made by the Command Control Manager.
Command Control Interface Console
The Command Control Console provides a unique Flash-based GUI management console that can be used from any Web browser. Its intuitive drag-and-drop interface lets you centrally create rules and manage security policies, review high-risk commands and electronically sign-off on user activity. With the drag-and-drop interface you don’t have to manually code rules and security policies. Instead, you can easily build sophisticated control structures by simply dragging your rules into nested hierarchies, giving you granular control over even the most demanding environments. (See Figure 3.)
To learn more about how Novell Privileged User Manager can help you secure your IT infrastructure, visit its resource library at resource library where you can view Webcasts and read white papers, flyers, and case studies.