When people are first getting started with managing a server, it is common to just use the default administrative account for managing things: for example, root on a Linux system and Administrator on Windows. As more users join the team to manage the servers, they are also given the administrative account credentials.
Safeguard Against User Errors
This creates problems as all the users have full access to everything on the server, which can pose issues if some lack experience, and users can also make mistakes. Once a mistake is made, there is no accountability: nothing shows which user made it, so you cannot make sure they know what to do next time. A further problem is that once a user leaves the team, the password for the administrative account needs to be changed and distributed to all other users to keep the account secure. You can see how that might be easily overlooked, leaving the system potentially vulnerable.
Here are some general guidelines for moving beyond the single administrative account system:
This is a key tip: all users should get their own account. There should be no account sharing. Users should be educated to keep their accounts secure as second nature.
User accounts should have limited administrative functionality where possible. This means making note of the work that a user may be expected to perform and limiting their account's access to these tasks. The purpose of limiting accounts is to prevent attackers from having unlimited access to the server in the event that one of the users' accounts becomes compromised. Both Linux and Windows offer methods of limiting the administrative applications that a user can run on the system.
Centralize authentication where possible. If your users are working on a number of servers, then a lot of time can be saved by centralizing user authentication to an authentication server. A Domain Controller is useful for Windows, or an LDAP/RADIUS server for Linux systems. This provides some key benefits: users can have their accounts disabled in a single location, and they can use the same username/password combination on all servers, so the password is easily updated in a single location. Without this, the account management overhead of editing multiple individual accounts on each server can soon become time-consuming.
In a similar vein to centralizing authentication, it's also recommended to centralize logging, at least for user authentication. This will allow you to keep track of users' connection and disconnection histories on your servers in a central location. This can be helpful for spotting out-of-place logins that may hint at a compromised user account. These records can be extremely helpful and even illuminating.
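One way to act on centrally collected authentication logs, as an added example that is not part of the original article: it scans OpenSSH "Accepted" lines and flags logins to a shared administrative account and logins from a source address not seen before for that user. The log lines are constructed samples, and the function name, the two rules and this definition of "out of place" are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH syslog format, as gathered on a central log host.
SAMPLE_LOG = """\
Mar  3 09:01:12 web01 sshd[2211]: Accepted publickey for alice from 10.0.5.20 port 50122 ssh2
Mar  3 09:14:40 db01 sshd[1830]: Accepted publickey for alice from 10.0.5.20 port 50310 ssh2
Mar  3 10:02:05 web01 sshd[2307]: Accepted password for bob from 10.0.5.31 port 41200 ssh2
Mar  3 23:47:19 db01 sshd[1999]: Accepted password for alice from 203.0.113.77 port 60001 ssh2
Mar  4 02:10:33 web02 sshd[911]: Accepted password for root from 10.0.5.31 port 41877 ssh2
Mar  4 02:11:02 web02 sshd[915]: Failed password for bob from 198.51.100.9 port 52210 ssh2
"""

ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted \S+ for (?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Assumption: these default administrative accounts should never be logged into directly.
SHARED_ACCOUNTS = {"root", "Administrator"}


def find_out_of_place_logins(log_text, known_sources=None):
    """Return (timestamp, host, user, source, reason) for each flagged login.

    known_sources is an optional {user: {source, ...}} baseline (hypothetical input,
    e.g. built from an earlier period); otherwise a user's first login sets the baseline.
    """
    seen = defaultdict(set)
    for user, sources in (known_sources or {}).items():
        seen[user].update(sources)
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED.match(line)
        if not m:
            continue  # failed attempts and unrelated lines are out of scope here
        ts, host, user, src = m["ts"], m["host"], m["user"], m["src"]
        if user in SHARED_ACCOUNTS:
            findings.append((ts, host, user, src, "shared-account-login"))
        elif seen[user] and src not in seen[user]:
            findings.append((ts, host, user, src, "new-source"))
        seen[user].add(src)
    return findings


if __name__ == "__main__":
    for finding in find_out_of_place_logins(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

Because every server's logins arrive in one place, the per-user history covers all hosts, which is what lets a login on db01 be compared against earlier ones on web01.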
Keep Track of Users
Minimize the number of users who have the ability to modify user accounts, and keep a log of what each user has access to, and why, across the various features and applications. This means that later on you have a reference to find out why a user has specific permissions, which can make it easier to work out what another user in the same role may require. Minimizing the number of users able to make changes to user accounts also helps to keep an easy audit trail of changes.
While it may seem a bit of a hassle when getting started, once the systems are in place for better user account management, you should find yourself saving time and making life a lot easier compared to users sharing the same privileged account.