Administration network: 6 risks addressed by PAM

Within any organization, the administration network is exposed to several risks: some occur frequently and are simple to deal with, others are rare but complex to handle. A Privileged Access Management (PAM) solution makes it possible to manage these risks by minimizing or even eliminating them.

Administration network: protean risks

The risks that arise on the administration network can result from deliberate acts, but also from errors or negligence. From the use of generic accounts to the transfer of corrupted files, we have identified 6 concrete risks (non-exhaustive list) for organizations, ranging from recurring and easily treatable risks to those that are rare but also more complicated to deal with:

  • Generic accounts: The use of generic accounts can be dangerous because access to the information system cannot be traced to an individual. In case of data leakage or malicious action, it is then impossible to identify the source, which in turn encourages this type of action.
  • Shadow admin: This is an internal administrator or a third party who creates an administrator account hidden from the information system. The administrator has an official account but, whether maliciously or unwittingly, creates a parallel administration account to go faster, without having to ask for authorizations or anything else. These parallel administration accounts are thus impossible to trace and control. There is therefore a risk of data leakage, since the administrator can use this account to access administration data without any surveillance, and the account can also become a source of ransomware propagation.
  • Former administrator: This is the case of an administrator who leaves the company, but still knows the credentials that are used to access the administration network. He continues to have access to resources and sensitive data and if he wants to be malicious, he will be able to recover sensitive data or disorganize the information system.
  • Connection with a compromised workstation: This can be a third-party maintainer or an administrator who connects to the company’s administration network from a compromised workstation. The infected workstation is then a vector for the propagation of ransomware or equivalent on the administration network.
  • Identity theft (or session spoofing): For example, an authenticated provider is temporarily absent from his workstation and someone takes control (physically or remotely) of the provider’s legitimate session. It can also be a malicious user who manages to steal the provider’s identity despite strong authentication mechanisms and thus connects using legitimate credentials. In these cases, the malicious user will be able to perform malicious actions or steal confidential data.
  • Transfer of infected files to the administration network: It can be an administrator who, for example, must perform an update action on a server. He uses his device to connect to the administration network and transfers an update file retrieved from the Internet to perform the update. If this file is corrupted, there will be a propagation of ransomware or equivalent on the administration network.

The responses of PAM to these 6 risks

PAM solutions offer various functionalities to reduce or even eliminate these risks:

  • Automatic password injection: Automatically injecting passwords into resources or applications protects against the risks related to generic accounts, since the administrator does not know the passwords. This prevents any transmission of credentials to a third party. Since the administrator is connected to his own session, all accesses to the administration network are traceable.
  • Account discovery: By scanning the administration network at regular intervals, the account discovery feature will be able to detect all shadow admin accounts and either reintegrate them into the list of official accounts (and provide traceability and control mechanisms) or delete them.
  • Automatic password rotation: Passwords are changed regularly and automatically, so that a former administrator can no longer use his old password once the rotation has been completed.
  • Sterile disposable administration workstation / Hardened access terminal: This is one of the specific features of Systancia Cleanroom Desk, Systancia’s PAM solution, which offers a virtual administration workstation that deals with the risk of connection with a compromised workstation. The administrator connects to this virtual workstation which allows him to access the administration network, reducing the attack surface and preventing the user’s terminal from being an attack vector on the administration network. It is also possible to go a step further with Systancia Cleanroom Terminal. Even the administrator’s access terminal is replaced by a hardened thin client terminal to further reduce the attack surface: this involves using a physical terminal without an OS, which cannot be attacked. This terminal gives access to a sterile disposable virtual administration workstation, regenerated at each session, to finally access the administration network.
  • Continuous authentication of the administrator: With Systancia Cleanroom Authograph, a continuous user authentication mechanism based on behavioral biometrics (in this case, the way the user uses the mouse and types on the keyboard), Systancia’s PAM solution will be able to guarantee the user’s identity in real time and thus eliminate any risk of identity or session usurpation.
  • A secure exchange gateway: It is possible to avoid any transfer of infected files to the administration network thanks to Systancia Cleanroom Hawkeye, the secure exchange gateway between the office automation network and the administration network, in both directions. Systancia Cleanroom Hawkeye checks that the type of file to transfer is authorized and that the user has the right to transfer this type of file, then carries out an antivirus scan on the file and transfers it only once it is validated.
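
The account discovery step described above comes down to comparing the privileged accounts actually present on a resource with the list of official accounts. The following sketch is an added illustration, not Systancia's code: it assumes Linux-style passwd and group data, and the account names, the inventory and the choice of privileged groups are all constructed.

```python
# Added illustration: all account names and file contents below are constructed.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
svc_backup:x:1002:1002::/home/svc_backup:/bin/bash
toor:x:0:0::/root:/bin/bash
carol:x:1004:27:Carol:/home/carol:/bin/bash
bob:x:1003:1003:Bob:/home/bob:/bin/bash
"""
GROUP = """\
sudo:x:27:alice,svc_backup
wheel:x:10:
users:x:100:alice,bob
"""
APPROVED_ADMINS = {"root", "alice"}    # assumed inventory of official privileged accounts
PRIVILEGED_GROUPS = {"sudo", "wheel"}  # assumption: groups that grant admin rights


def privileged_accounts(passwd_text, group_text, priv_groups=PRIVILEGED_GROUPS):
    """Return {account: [reasons]} for every account holding admin rights."""
    found, priv_gids = {}, {}
    for line in group_text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":")
        if name in priv_groups:
            priv_gids[gid] = name
            for member in filter(None, members.split(",")):
                found.setdefault(member, []).append(f"member of {name}")
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        user, uid, gid = fields[0], fields[2], fields[3]
        if uid == "0":  # any UID 0 account is root-equivalent, whatever its name
            found.setdefault(user, []).append("uid 0")
        if gid in priv_gids:  # a primary group does not appear in the member field
            found.setdefault(user, []).append(f"primary group {priv_gids[gid]}")
    return found


def discover_shadow_admins(passwd_text, group_text, approved):
    """Privileged accounts on the host that the official inventory does not know."""
    found = privileged_accounts(passwd_text, group_text)
    return {user: why for user, why in sorted(found.items()) if user not in approved}


if __name__ == "__main__":
    for user, why in discover_shadow_admins(PASSWD, GROUP, APPROVED_ADMINS).items():
        print(f"unlisted privileged account: {user} ({', '.join(why)})")
```

Each flagged account is then either added to the official list or deleted, as the account discovery bullet describes.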

Systancia Cleanroom, Systancia’s PAM solution, with its various modules and functionalities, drastically reduces the complexity of the operational response to these risks that arise on the administration network, and in particular to certain risks that are rarely handled by third-party PAM solutions.