
WHITE PAPER

Simplifying Unix and Linux Security


A Strategy Guide for Implementing Server Privilege Management
Contents
Introduction
Shortcomings of Traditional Unix and Linux Security Management Practices
Unix and Linux Server Privilege Management Platforms
  Limit Who Has Access to Privileged Accounts
  Achieve Compliance
  Reduce the Risk of Compromise
  Avoid Productivity Hurdles
Conclusion: a Checklist of Required Capabilities
Appendix: Why PowerBroker for Unix & Linux?
  The PowerBroker Privileged Access Management Platform
About BeyondTrust

Simplifying Unix and Linux Security April 2017. BeyondTrust Software, Inc.
Introduction

Managing Unix and Linux server security is nothing new, but it's becoming a much greater
concern for organizations. External attackers seek out privileged Unix and Linux accounts
because they are usually incredibly powerful, with largely unrestricted privileged access on too
many servers, and attackers know that these accounts are often not closely monitored or
audited. Attackers who gain access to a single root account, or other privileged account, can
use it to jump from server to server undetected, inching closer to their ultimate target, such as
an organization's customer records or intellectual property. Another serious risk comes from
malicious privileged insiders, who may abuse their privileges for similar reasons.
Enforcing privileged access limits and ensuring accountability on Unix and Linux are absolutely
necessary to prevent many data breaches. They are also required for meeting and
demonstrating compliance with major security initiatives, including PCI DSS, HIPAA, and ISO
27000. Unfortunately, improving the state of privileged access can be extremely complicated
and time consuming for the administrators responsible for Unix and Linux security. It can also
significantly hamper the productivity of server administrators and other privileged users.
Consequently, organizations are increasingly turning to a technology that takes care of these
security problems without introducing any of the drawbacks: the Unix and Linux server
privilege management platform.
This white paper is an introductory guide for IT and security teams seeking to take greater
control over their Unix and Linux estate. It provides an introduction to Unix and Linux privilege
management, and explains why implementing a comprehensive platform delivers more value
than traditional security management practices such as sudo. This paper also shares some
useful tips on what to look for when evaluating and selecting a platform for your organization.

Shortcomings of Traditional Unix and Linux Security Management
Practices
For decades, administrators have relied on sudo when performing privileged tasks on Unix and
Linux servers. This approach has notable benefits compared to the original method: directly
using privileged accounts. Using sudo reduces sharing of privileged accounts such as root. Sudo
also allows authorized administrators to have privileged access without having to re-
authenticate. Finally, sudo provides logging and auditing capabilities.

As organizations have increased their use of Unix and Linux servers, however, sudo has
displayed major shortcomings, including the following:

- Sudo is not designed for enterprise-wide use, which adds a great deal of complexity to
  implementing and managing it. For example, sudo has to be locally configured and managed on
  each server. This requires massive amounts of time and effort, and most organizations lack
  sufficient in-house Unix and Linux security expertise to properly maintain sudo. Major
  configuration errors and other mistakes will occur, especially since sudo's policy language
  and format are hard to read and use, presenting attackers with opportunities to successfully
  exploit it.
- Each privileged account has far more power than most authorized users need, which enables
  malicious insiders or external attackers to do significant harm after gaining access to a
  privileged account. With sudo, it is generally not possible to achieve fundamental security
  principles such as least privilege and separation of duties that would reduce privileges to
  only what each individual needs. Sudo does not offer the granularity and flexibility that
  most organizations require.
- Sudo has limited visibility into and control over the system. For example, sudo cannot
  restrict access to the file system or identify file tampering. Also, sudo cannot track what
  commands are being executed through a script.
- Standard sudo only works for command-line execution, not graphical applications.
- Sudo relies heavily on syslog for auditing and logging services, which severely limits the
  amount of detail that can be recorded.

Sudo Shortcomings
- Inefficiency - sudo has to be locally configured and managed on each host
- Policy language and format are hard to read and use
- No segregation of duties
- Can't limit access to the file system
- Command line only
- Limited auditing and logging

At best, sudo offers only a limited improvement to security while consuming massive ongoing
effort from scarce experts. It's time to move past sudo and adopt a commercial-grade
approach.
Unix and Linux Server Privilege Management Platforms
A Unix and Linux server privilege management platform is an enterprise-wide solution for
privilege use. The core of the platform is one or more authorization servers. These servers
handle all requests to use privileges on Unix and Linux servers based on each user's verified
identity and the privilege use policies configured for the platform. The platform enables
enforcement of granular policies, so each person can receive only the necessary privileges on
only the necessary servers.
In other words, individuals do not have direct access to use privileges on each Unix and Linux
server; they do not know passwords or have other credentials that would allow privileged access.
Privileged access can only be acquired through the platform's authorization servers acting on
behalf of authenticated and authorized users who meet all the requirements defined by the
organization within the platform.
The Unix and Linux server privilege management platform architecture enables secure, centralized
management and monitoring of all privileged use of Unix and Linux servers throughout the
entire enterprise. This is in stark contrast to traditional sudo, which requires local management
and logging at each server while offering limited capabilities to control, monitor, and
investigate privilege use.
The overarching goal for a Unix and Linux server privilege management platform is to limit who
has access to privileged accounts in order to achieve compliance and reduce the risk of
compromise without negatively impacting productivity. There are four distinct objectives within
that goal:
1. Limit who has access to privileged accounts
2. Achieve compliance
3. Reduce the risk of compromise
4. Avoid negatively impacting productivity

The key to finding the best solution for your organization is to take all these concepts into
consideration and look for a platform that excels at all of them.

LIMIT WHO HAS ACCESS TO PRIVILEGED ACCOUNTS

By definition, all Unix and Linux server privilege management platforms eliminate the need for
shared privileged accounts. Each user has a unique account, and privileges are granted to each
user. This addresses the ambiguity of having a single privileged account with credentials shared
by numerous people, which makes it difficult to trace who has access to a privileged account,
and what actions they have performed, at any given time.
There are special cases where administrators need to use the root account or another
privileged account. A Unix and Linux server privilege management platform should also enable
and support this, allowing necessary administrative tasks to be performed while tracking who is
using the account at any given time.
In addition to ensuring that only the authorized user accounts are able to perform privileged
commands, it is also critical to ensure that the users themselves are being properly
authenticated. Your organization may want to use separate user accounts and credentials for
your Unix and Linux server environment, in which case it is strongly recommended to use a Unix
and Linux server privilege management platform that supports multifactor authentication. This
greatly reduces the risk of an attacker being able to steal a user's credentials and reuse them to
gain privileged access to servers. It also thwarts attempts by users to violate policy by sharing
their account credentials. The beauty of using a platform that supports multifactor
authentication is that it only needs to be implemented for the platform and not for any of the
individual Unix and Linux servers.

Alternately, your organization may want to leverage its existing enterprise directory service
technology with authentication capabilities, instead of having a separate enterprise
authentication mechanism or relying on local authentication for Unix and Linux servers. Some
Unix and Linux server privilege management platforms offer easy integration with these
technologies, including those based on NIS+ or Lightweight Directory Access Protocol (LDAP).
Organizations with Active Directory (AD) or other LDAP user stores should look for platforms
offering bridging to those stores. This enables people to use their existing usernames and
credentials for Unix and Linux server access. The server access still occurs through the Unix and
Linux server privilege management platform, streamlining enterprise user account
management. A major benefit of this approach is that, when a user leaves the organization or
changes roles, his/her access to all systems throughout the enterprise can be revoked or
revised in one place.

ACHIEVE COMPLIANCE

Nearly every organization is subject to one or more major security or compliance initiatives,
such as the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card
Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act of 2002 (SOX), the
Gramm-Leach-Bliley Act (GLBA), the Federal Information Security Modernization Act of 2014 (FISMA),
and the International Organization for Standardization (ISO) 27000 series of standards. All of
these initiatives require organizations to know who is accessing their sensitive systems and
data; to monitor, log, and audit that activity; and to generate reports that provide evidence of
the organization's compliance with the initiative requirements.
Your organization should look for a Unix and Linux server privilege management platform that
supports the requirements of all common security compliance initiatives that apply to your
organization. This should include robust monitoring, logging, and auditing capabilities that not
only record who was using privileged access on a server at any given time, but also detail what
commands or other actions the individual performed, along with timestamps and other
metadata.

The platform should go beyond those capabilities to monitor, log, and audit what the server
actually executes, not just the commands themselves; for example, it should look at every action
triggered by running a script instead of just logging that a script was run. Ideally, the platform
should also offer the ability to record privileged sessions and to allow authorized platform
administrators to play back sessions, with that playback logged and audited as well. These
capabilities provide transparency for privileged use, which is necessary for meeting compliance
requirements.
You should also prioritize reporting capabilities when evaluating Unix and Linux server privilege
management platforms. A platform should offer built-in reports for all the common security
compliance initiatives that apply to your organization, which makes generating evidence for
compliance reporting and audits trivially easy. Will you ever need to create new reports on
demand? If this might be the case, be sure to assess the platform's ability to customize report
settings.

REDUCE THE RISK OF COMPROMISE

Limiting who can have privileged access to Unix and Linux servers represents a critical step
toward preventing unauthorized use of privileges, but other actions are also necessary. If an
attacker gains access to a privileged user's account or client device (e.g., desktop, laptop,
smartphone, etc.), the attacker could use that access to issue privileged commands under the
user's identity. An authorized user could essentially become a malicious insider and misuse
privileges to exfiltrate sensitive data. On the other hand, an authorized user could also simply
make a mistake, such as running commands on the wrong server, inadvertently creating a
security weakness just waiting to be exploited.
There's no way to completely eliminate the risk of compromise, but there are several ways to
use a Unix and Linux server privilege management platform to reduce that risk. Here are
important features you should look for:

- The ability to specify privileges with a high degree of granularity. For example, you should
  be able to restrict access and available privileged commands for each user by day, date,
  and/or time, and by the source and/or destination hosts. Consider the benefits of being
  able to restrict a user who only needs to execute a single privileged command on a few
  servers on Fridays, as opposed to having to grant that user unrestricted access to an
  account with unlimited power across hundreds of servers. Sufficient granularity enables
  your organization to achieve the principles of least privilege and segregation of duties,
  principles that are required by most security compliance initiatives.
- Support for role-based access control. Role-based access control involves creating roles,
  specifying privileges for each role, and then assigning users to each role. This is much more
  efficient and less error prone than manually assigning all privileges to users.
- The ability to restrict and monitor access and changes to system files, directories, and
  other critical objects. Unauthorized changes to these objects are a common sign of an
  attack in progress. The best Unix and Linux server privilege management platforms not only
  enforce access restrictions for these objects with the same granularity discussed above for
  other privileges, but they also perform file integrity monitoring to detect unexpected
  changes to files and directories, and immediately report them to administrators for
  investigation and intervention.
- Constant monitoring and analysis of all log entries. A Unix and Linux server privilege
  management platform should be able to identify suspicious activity recorded in its logs and
  act accordingly, such as alerting platform administrators so they can investigate the activity
  and intervene if needed.
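As an added illustration (not code from this paper or from PowerBroker), the Python sketch below shows how an authorization server could evaluate the kind of granular, role-based policy described above: a help-desk role limited to one command, on a few servers, from one source host, on Fridays during business hours, decided deny-by-default with a reason string for the audit record. It goes slightly beyond the text by also showing an explicit deny pattern (no password reset for root) and a source-host restriction; all users, hosts, roles and commands are constructed examples.

```python
"""Toy authorization-server policy check (added illustration, not PowerBroker code).

Policy is expressed as rules bound to roles. A request carries the verified user,
the exact command line, the source and destination hosts, and the time of the
request. The decision is deny-by-default, and every decision returns a reason
string suitable for writing to the audit log next to the user and timestamp.
"""
from dataclasses import dataclass
from datetime import datetime
from fnmatch import fnmatch

FRIDAY = 4  # datetime.weekday(): Monday == 0 ... Sunday == 6


@dataclass(frozen=True)
class Rule:
    role: str
    commands: tuple              # shell-style patterns the role may run
    dest_hosts: tuple            # patterns for servers the command may target
    src_hosts: tuple = ("*",)    # patterns for hosts the request may come from
    denied_commands: tuple = ()  # checked before the allow patterns
    days: frozenset = frozenset(range(7))
    hours: tuple = (0, 24)       # [start, end) in the server's local hours


@dataclass(frozen=True)
class Request:
    user: str
    command: str
    src_host: str
    dest_host: str
    when: datetime


# Constructed sample directory and policy (hypothetical users, roles and hosts).
ROLE_MEMBERS = {"helpdesk": {"alice"}, "dba": {"bob"}}

RULES = [
    # Help desk may reset ordinary passwords on HR app servers, from the
    # bastion only, on Fridays during business hours, and never for root.
    # Caveat: matching the command line as a string is simplistic; a real
    # platform should match the resolved binary and parsed arguments.
    Rule(role="helpdesk",
         commands=("/usr/bin/passwd *",),
         denied_commands=("/usr/bin/passwd root",),
         dest_hosts=("hr-app-*",),
         src_hosts=("bastion01",),
         days=frozenset({FRIDAY}),
         hours=(9, 17)),
    # DBAs may restart PostgreSQL on database hosts at any time, from anywhere.
    Rule(role="dba",
         commands=("/usr/bin/systemctl restart postgresql",),
         dest_hosts=("db-*",)),
]


def _any_match(value, patterns):
    return any(fnmatch(value, p) for p in patterns)


def _rule_allows(rule, req):
    if _any_match(req.command, rule.denied_commands):
        return False
    return (_any_match(req.command, rule.commands)
            and _any_match(req.dest_host, rule.dest_hosts)
            and _any_match(req.src_host, rule.src_hosts)
            and req.when.weekday() in rule.days
            and rule.hours[0] <= req.when.hour < rule.hours[1])


def authorize(req, rules=RULES, members=ROLE_MEMBERS):
    """Return (allowed, reason). Deny by default; the first matching rule allows."""
    roles = {r for r, users in members.items() if req.user in users}
    for rule in rules:
        if rule.role in roles and _rule_allows(rule, req):
            return True, f"allowed by role {rule.role} rule for {rule.commands[0]}"
    return False, f"no matching rule for user {req.user} (roles {sorted(roles)})"


def decide(user, command, src_host, dest_host, when_iso):
    """Convenience wrapper: build a Request from an ISO-8601 timestamp and authorize it."""
    req = Request(user, command, src_host, dest_host, datetime.fromisoformat(when_iso))
    return authorize(req)
```

The reason string is what the platform would write to its audit trail together with the user, hosts and timestamp, so that an investigator can later see which rule granted each privileged command.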

AVOID PRODUCTIVITY HURDLES

The potential downside of tightening privileged access to Unix and Linux servers is negatively
impacting organizational productivity. By carefully evaluating prospective Unix and Linux server
privilege management platforms, you can select the one that provides the greatest security
benefits while also avoiding any degradation of productivity for privileged users, privileged
administrators, and operations staff.
In terms of people using privileges, it's important that the platform handles all the necessary
permission brokering and other transactions behind the scenes so users don't have to be aware
of it or understand it. The platform should actually make privilege use more efficient by
enabling people to authenticate once and then perform their work on all necessary servers
without re-authenticating, regardless of which permissions or privileges are needed on each
server.

A Unix and Linux server privilege management platform can also improve efficiency for the
administrators of those privileges, as well as the staff responsible for server operations. Look
for platforms that are simple and easy to set up and manage, and that support a wide variety of
Unix and Linux platforms to enable true centralized enterprise-wide administration. Favor
platforms that can be deployed to Unix and Linux servers without requiring server reboots
and, ideally, without needing to modify any kernels. Another important consideration is a
platform with an application programming interface (API) to minimize the resources needed to
integrate the platform with third-party applications. Also, make sure that the platform's vendor
offers around-the-clock technical support just in case an unexpected problem arises and
immediate help is needed.
Organizations may also be able to increase productivity and save money through the use of a
Unix and Linux server privilege management platform. For example, in the past a task such as
password resets may have been performed by highly paid Unix and Linux administrators
because only they had sufficient privileges to do so. With the ability to grant privileges
much more granularly, an organization can shift password resets and other such tasks to help
desk personnel while only granting them the privileges for resetting passwords.

A final, important consideration for privilege administrators and server operations staff is
scalability. Obviously, the Unix and Linux server privilege management platform needs to be
capable of supporting all your servers, users, and administrators and providing them with the
necessary performance, but the platform must also be highly scalable to accommodate logging
needs. Performing granular logging around the clock can require large and rapidly growing
amounts of storage, especially to preserve the logs for a long period of time to satisfy
compliance requirements and forensic needs. The logs must also be indexed at all times so that
the platform can rapidly respond to queries in support of investigations, enabling people to
quickly and easily find the necessary information.

Conclusion: a Checklist of Required Capabilities
Traditional approaches to Unix and Linux security management are woefully inadequate for
meeting organizations' current needs. Attackers seek privileged Unix and Linux accounts
because they are weakly secured yet grant access to a wide range of systems and privileges on
those systems. Organizations fail to achieve compliance with major security initiatives such as
PCI DSS, HIPAA, and ISO 27000 because sudo doesn't provide the necessary accountability or
transparency, nor does it enforce fundamental security principles such as least privilege and
separation of duties. And, because sudo is not designed for enterprise-wide use, it is incredibly
complex and time-consuming to manage.

Enter the Unix and Linux server privilege management platform. It provides an elegant and
robust solution that is far superior to relying on sudo. By choosing the right product for your
organization, you can limit who has access to privileged accounts in order to achieve
compliance and reduce the risk of compromise without negatively impacting productivity.
Important platform features to look for include the following:
- Highly granular privilege specification, such as restricting which commands each user or
  user role can issue on each server based on date and time, source host IP address, and
  other attributes
- Support for multifactor authentication and/or the ability to use your organization's existing
  enterprise directory service technology with authentication capabilities
- Robust monitoring, logging, and auditing capabilities for all privilege use, including the
  ability to record privileged sessions and play those sessions back for authorized
  administrators, and looking at everything the system tries to execute regardless of its
  source (running a script, typing a command, etc.)
- Around-the-clock analysis of logs to identify suspicious activity
- Built-in reports for all common security compliance initiatives your organization is subject
  to, as well as the ability to customize built-in reports and create new reports on demand
- Enforcement of access and modification restrictions on system files, directories, and other
  critical objects, to include robust file integrity monitoring capabilities, to detect unexpected
  changes that merit investigation
- Invisibility of the solution to users, who should be unaware of the negotiations and
  transactions happening behind the scenes
- Ability to improve efficiency for privilege administrators and operations staff by
  streamlining and centralizing privilege administration, making setup and deployment simple
  and non-invasive, offering an API for easy integration with other enterprise applications,
  and having technical support available as needed to resolve unexpected issues
- High scalability to accommodate logging needs, especially for long-term log storage and for
  up-to-date log indexing to enable rapid responses to investigative queries
Appendix: Why PowerBroker for Unix & Linux?
PowerBroker for Unix & Linux is a least privilege solution that enables IT organizations to
eliminate the sharing of credentials by delegating Unix and Linux privileges and elevating rights
to run specific Unix and Linux commands without providing full root access. With complete
auditing and recording of all user activity, plus a simple graphical user interface for
management and centralized policy management, organizations can easily achieve their
security and compliance objectives. PowerBroker enables organizations to:
- Elevate privileges on an as-needed basis, without exposing the root account password
- Monitor event logs and file integrity for unauthorized changes
- Capture keystrokes and screens with searchable playback for complete documentation of
  privileged user activity
- Simplify the management of all policies, roles and log data with a single point of
  administration
- Leverage a single least privilege enforcement solution across more than 100 flavors of Unix
  and Linux
- Achieve complete privilege management across all platforms: Windows, Mac, Unix and
  Linux

THE POWERBROKER PRIVILEGED ACCESS MANAGEMENT PLATFORM

PowerBroker for Unix & Linux is part of BeyondTrust's solutions for Server Privilege
Management and integrates with other privileged access management solutions in the
PowerBroker Privileged Access Management Platform. The platform is an integrated solution to
provide control and visibility over all privileged accounts and users. By uniting capabilities that
many alternative providers offer as disjointed tools, the PowerBroker platform simplifies
deployments, reduces costs, improves system security and closes gaps to reduce privileged
risks.
For more on PowerBroker for Unix & Linux, visit
www.beyondtrust.com/products/powerbroker-for-unix-linux.

About BeyondTrust

BeyondTrust is a global cyber security company that believes preventing data breaches
requires the right visibility to enable control over internal and external risks.
We give you the visibility to confidently reduce risks and the control to take proactive,
informed action against data breach threats. And because threats can come from
anywhere, we built a platform that unifies the most effective technologies for addressing
both internal and external risk: Privileged Access Management and Vulnerability
Management. Our solutions grow with your needs, making sure you maintain control no
matter where your organization goes.
BeyondTrust's security solutions are trusted by over 4,000 customers worldwide, including
over half of the Fortune 100. To learn more about BeyondTrust, please visit
www.beyondtrust.com.
