Q&A: Insider Threat
by HNS Staff - Monday, 14 July 2008.
Orphaned privileged accounts and orphaned access are trickier problems to solve. These issues generally revolve around people that are granted systems maintenance responsibilities at some point during their tenure with a company. Orphaned privileged accounts are highly-privileged accounts like a root shadow account that an administrator may create on a system simply to make various tasks a little easier. The main problem with these accounts is that they are created outside of the normal process, so if that person leaves or moves to a different role where that access is no longer required, there is no record of this account being created and it most likely will not be removed. Often, these accounts are given names that make them harder to detect. This also makes them harder to identify when the appropriate time comes to remove them.

Orphaned access is the relative of orphaned privileged accounts. This refers to access to common privileged accounts such as root, Oracle sys and Cisco enable in organizations that still share the passwords for these accounts. Unless a company is diligent in rotating all the passwords to privileged accounts every time an IT staffer leaves or when their role in the organization changes, a company is very susceptible to misuse of this privileged access. In our survey that I cited earlier, 62 of respondents stated they were still sharing privileged among their IT staff. This is a disaster waiting to happen.

Spotlight

Leveraging network intelligence and deep packet inspection

Posted on 26 November 2014.  |  Tomer Saban, CEO of WireX Systems, talks about how deep packet inspection helps with identifying emerging threats, the role of network intelligence, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Nov 28th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //