Defending Against Remote Access Risks with Privileged Access Management
Remote access is a non-negotiable feature of almost every organization’s IT process. Remote workers, third parties, vendors, and others administrators need to access IT systems from outside the firewall. However, remote access, by its very nature, creates exposure to cybersecurity risks.
A Virtual Private Network (VPN) acts as both a front and back door to critical data and applications. As such, VPNs are magnets for potential abuse as they can be used to gain unauthorized access to systems. They are also entry points into the administrative back-ends of systems where it’s possible to reset configurations and wreak whatever havoc attackers might have in mind. Securing them is a constant challenge. Indeed, some notorious data breaches have been traced to the hacking of VPNs.
Remote Access Hacks
Almost every major data breach has involved some type of unauthorized remote access. A few notable examples stand out. The theft of member data from the adultery dating site, AshleyMadison.com, for instance, has been attributed to VPN hacking. According to Forbes, the attackers were able to access root on all of the site’s servers by using the password “Pass1234” on their VPN.
The Target hack, which led to a breach of millions of credit card account records, was executed through the store’s air conditioning (HVAC) vendor. Using the HVAC vendor’s VPN credentials, the hackers entered Target’s network and got into Target’s payment systems. Target had granted VPN access to the vendor so they could monitor energy consumption at the retailer.
In another striking case, a terminated system administrator at Georgia-Pacific, one of the world’s largest makers of paper products, used his company’s VPN to gain entry to the network. He embedded his own software and caused a $1.1 million loss to his former employer by shutting down a papermill in a quest for revenge. While he was later arrested, sentenced to prison, and ordered to pay over $1.1 million in damages, the episode reveals how vulnerable even large organizations can be to improper use of remote access, especially by a privileged user.
Remote Access and Privileged Access Management
Like the Georgia-Pacific troublemaker, a privileged user is one who can set up, modify, or delete system accounts, software, and so forth. Given their ability to disrupt IT, there can be serious risk exposure when privileged users are inadequately managed. Privileged Access Management (PAM) is the solution. PAM is a collection of technologies and practices that monitor and manage privileged or administrative access to critical systems.
Each of the three remote access incidents described above was exacerbated by PAM deficiencies. Ashley Madison appears to have had no PAM at all, with an unattended and easily discovered remote access back door to their administrative capabilities. Target seems to have lacked a PAM solution with effective alerting and session tracking to notify IT managers about suspicious privileged account activity. Georgia-Pacific apparently didn’t have the systems in place (either business, technical, or both) to cut off privileged access to a terminated employee.
An effective PAM solution helps defend against such remote access threats. PAM allows IT managers to grant and withdraw administrative privileges to individuals for any system. For example, with PAM, it is possible to assign administrative privileges to the VPN, but then quickly retract them once an employee leaves the organization. That way, even if someone gains unauthorized remote access, their ability to attack internal systems will be limited. At the very least, the PAM solution can monitor back end access logins and alert administrators about privileged sessions that do not comply with access policies, e.g. why is the HVAC vendor logging into the Point of Sale (POS) system?
The WALLIX PAM Solution for Remote Access
WALLIX offers a comprehensive PAM solution. It offers countermeasures to protect against abuse of remote access, by providing a single point of privileged access policy definition and enforcement. Once WALLIX Access Manager is set up with access policies, it knows the administrative privileges of every user seeking access. Privileged users must clear Access Manager before gaining access to any system that WALLIX covers. This way, even if a malicious actor can gain remote access, he or she will have a lot of trouble accessing root in a target system.
The WALLIX Password Manager centrally stores passwords for end users as well as for specific systems. A remote user only receives one password – from WALLIX – which then determines which systems he or she is allowed to access. This way, a remote user does not need to know specific system passwords. As a result, he or she will not be able to circumvent WALLIX to access prohibited systems by logging in directly with privileged credentials.
WALLIX Session Manager tracks, records, and controls privileged access sessions, creating an audit log and preventing forbidden actions. All privileged users and devices communicating remotely with the network can be tracked in real time. This capability helps with incident response and breach remediation.
Installation, use, and control of WALLIX is simple. The solution can be quickly deployed as a single gateway that admins log into once to access all its features. The solution is extremely adaptable and relatively maintenance-free due to its agentless architecture.
Intrigued? Watch our webinar about WALLIX PAM and how it can help with remote access threats, or contact us to learn more.