Söhner, M. (2014):
Privileged User Password Management in Shared Environments
Administrators often require access to privileged and shared accounts to manage systems, services, and applications. Consequently, this unlimited power gives them unrestricted access to sensitive data and to important components of the network infrastructure. To protect against insider and outsider threats, privileged user accounts need to be securely shared between authorized administrators, and access to these accounts needs to be monitored and audited. This thesis analyzes the threats that arise from privileged user accounts in shared environments and identifies countermeasures that need to be taken into account in a privileged user password management solution. Besides the security aspects, generic as well as specific requirements of two organizations are presented. For that purpose, the status quo of the current password management as well as use cases at the Leibniz Supercomputing Centre (LRZ) and iC Consult GmbH, which is a system integrator specialized in identity and access management, were analyzed. Based on that requirements catalog, three software products are evaluated and compared with each other. Moreover, the suitability of these products for the purposes of the LRZ and iC Consult is examined. The thesis then proposes a generic architecture that addresses the management of privileged user passwords as well as the fine-grained control of the access rights that administrators require to perform actions as a privileged user. After that, a demonstrator illustrates some of the use cases that were brought up during the requirements research by implementing the essential parts of the proposed architecture. In conclusion, the thesis shows that the management of privileged user passwords requires not only a centralized component that securely controls which administrator is authorized to access which privileged user passwords.
It is also necessary to consider special use cases that normal password managers do not have to consider, for example, an emergency access that allows administrators to use a privileged account which they usually are not authorized to use. Additionally, the auditing of shared privileged accounts needs to be addressed and the unrestricted access rights need to be taken into account.