Privilege Access Analysis Security Tool for Windows and Linux

Project Brief

In an organization, governing privileged access to infrastructure, data, and resources is vital to ensure that authorized users have the appropriate level of access to the resources required for their functional tasks. Privileged accounts exist in every organization.

It is estimated that a user can hold, on average, up to 7 privileged accounts in an organization. Even though security policies are in place to ensure that passwords expire after a set period, the passwords of many accounts are never rotated. Because password rotation is a manual process, these accounts usually remain unmonitored.

The purpose of the project is to develop a Privilege Access Analysis Security tool to assist the organization by providing insights to reduce risk, which is achieved by conducting Privilege Access analysis and sharing critical information in a concise dashboard.

The problem statement addressed in the project is the improper management of privileged accounts, which results in security and compliance concerns. The solution aims to provide an inexpensive, real-time overview of the organization's compliance.

Approach

During this study, a real-world infrastructure is replicated in the Amazon Web Services (AWS) environment. The cloud-based security tool is built there alongside a working AD and Linux infrastructure. This infrastructure is used to set up a Windows domain controller, Linux servers, and an Ubuntu server hosting the security tool, which pulls data from the AD server using API scripts. The Ubuntu server is also a web server that displays the analyzed data to users.

Active Directory services installed on a Windows Server 2016 host, acting as the Primary Domain Controller in AWS, contain the privileged accounts and groups. Python scripts query Active Directory using PowerShell commands, transfer the user and group attributes to the security tool server over a REST API, and store them in a MySQL database. Once stored, the data is analyzed to derive PAM parameters, which are displayed in a simple GUI.

This model privileged-account environment is based on real-world scenarios and contains the PAM Role-based access control (RBAC) and User-based access control (UBAC) models that organizations predominantly use to manage roles and permissions.

Scripts run on the Linux servers query the OS using standard commands to enumerate local users and the users with sudo privileges. These user attributes are stored in the security tool's database and then analyzed. Once analyzed, the privileged access parameters are displayed on the dashboard.

The user and group attributes from both Windows Active Directory and the Linux devices are correlated, so that inconsistencies between the two sources are visualized in the readily available dashboard of the security tool.
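The Linux collection step described above, as an added example that is not the project's own code: it parses constructed copies of /etc/passwd, /etc/group and /etc/shadow (sample data, not from a real host) to produce the local-user list, the sudo-capable users, and the accounts whose password has not been rotated within an assumed 90-day policy, which is the rotation gap the brief calls out. It assumes sudo rights are granted through the sudo/wheel/admin groups; rules in /etc/sudoers itself are not covered.

```python
from datetime import date
# Constructed sample data (not from a real host) for the files a collector reads.
PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
svc_backup:x:1002:1002::/opt/backup:/bin/sh
"""
GROUP = """root:x:0:
sudo:x:27:alice,svc_backup
wheel:x:10:bob
"""
# shadow field 3 = days since 1970-01-01 of the last password change
SHADOW = """root:*:18000:0:99999:7:::
alice:$6$abc:19700:0:90:7:::
bob:$6$def:19600:0:90:7:::
svc_backup:$6$ghi:18500:0:99999:7:::
"""
SUDO_GROUPS = {"sudo", "wheel", "admin"}  # admin groups on common distros
NOLOGIN = ("/usr/sbin/nologin", "/sbin/nologin", "/bin/false")
MAX_AGE_DAYS = 90                         # assumed rotation policy

def local_users(passwd_text=PASSWD):
    """Return {name: uid} for accounts that can actually log in."""
    users = {}
    for line in passwd_text.splitlines():
        name, _, uid, _, _, _, shell = line.split(":")
        if shell not in NOLOGIN:
            users[name] = int(uid)
    return users

def sudo_users(users, group_text=GROUP):
    """Users with root rights: uid 0 plus members of an admin group."""
    privileged = {n for n, uid in users.items() if uid == 0}
    for line in group_text.splitlines():
        gname, _, _, members = line.split(":")
        if gname in SUDO_GROUPS and members:
            privileged.update(m for m in members.split(",") if m in users)
    return privileged

def stale_passwords(today_days=None, shadow_text=SHADOW, max_age=MAX_AGE_DAYS):
    """{name: age_days} for accounts whose password is older than max_age."""
    if today_days is None:  # today, in the same units as the shadow field
        today_days = (date.today() - date(1970, 1, 1)).days
    stale = {}
    for line in shadow_text.splitlines():
        name, hashed, last_change = line.split(":")[:3]
        if hashed.startswith(("*", "!")) or not last_change:
            continue  # locked or never set: nothing to rotate
        age = today_days - int(last_change)
        if age > max_age:
            stale[name] = age
    return stale
```

On a real server the same parsing is applied to the actual files (reading /etc/shadow needs root), and the three results are what the collector would post to the tool's REST API for storage and correlation.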

Results

In this project, the solution provides a seamless and accessible interface to extract data from AD and use it for analysis. Although AD and Linux devices can be queried manually, the security tool brings the data into a single dashboard that can be used for further analysis or for designing a more efficient PAM model.

By simplifying the task and prioritizing data visualization, data analysis, data gathering, and accessibility of the data, the tool addresses the challenge faced by an organization's administrators. A further objective is to discover additional data points that can be analyzed and to develop better intelligence capabilities for the user.

Keywords: Directory Services, Active Directory, Privilege account, Identity & Access Management, IAM, Privileged Access Management, Windows Directory

AUTHORS

Wasef Anwar

M.Sc. in Cybersecurity


Wasef Anwar, in his M.Sc. in Cybersecurity capstone project, developed a Privilege Analysis security tool that assists the organization by providing insights on PAM to reduce and mitigate risks. This project was completed under the guidance of Sridhar Govardhan.
