One of the most fundamental methods of controlling insider threat in a company is to manage and monitor both user and privileged access to critical systems and data. Very commonly, companies rely on the trust-based approach to “manage” access control. Simply trusting IT administrators with virtual “keys to the kingdom” may be appropriate in some cases, but for the most part, it is an extremely dangerous proposition that could have disastrous consequences.
Admittedly, a trust-based system-essentially assuming that an IT administrator will behave properly with access to sensitive company data-is actually adequate in most cases. Most IT administrators are not interested in stealing, abusing or manipulating data in their organization. However, all it takes is one frustrated IT administrator to expose employee and customer data, thereby compromising a company’s customers, reputation and revenue.
Perhaps the most obvious example of the failings of the trust-based system was the recent lockdown of San Francisco’s computer network by a network administrator. Unhappy over the way his office was being run, he set all the administrative passwords on the network devices to passwords only known to him. He used the justification that he required exclusive access to the systems to ensure that they were running properly. When he refused to divulge the passwords, he was arrested. Still, no one could access the administrative accounts of the network devices.
In the end, he did hand over the passwords. This entire ordeal resulted in the local government in San Francisco losing money and credibility. Then pile the recent Intel, Soci??«t??« G??«n??«rale and other insider scandals on top and it all starts to become clear about what one employee can do without a process-based system in place.
Process-based Systems: What They Are, What They Do
Process-based systems: what they are, what they do
Based around a few key principles, a process-based system, when executed properly, allows a company to prevent these incidents without disrupting the general flow of business. Allowing privileged access is an essential part of the business process. Most organizations, however, simply hand privileged account passwords to their administrators, trusting that they will use them appropriately-without any consideration for what happens next. Even worse, many organizations have no IT audit system in place to keep track of who has access to these privileged accounts.
To manage privileged accounts, software must be in place to manage temporary or restricted access and to implement a process for obtaining access to those privileged accounts. Software solutions should be used to establish a detailed process, calling for justification from the administrator who is requesting privileged access (potentially requiring approval of that access by another individual in the organization), and creating an audit trail of all the steps in validating this request.
The system should allow approvers to assess the information before allowing or denying the privileged access request. On top of that, the termination of access or the rotation of the privileged account passwords is essential to closing the loop at the end of an access request.
What the audit trail does
This is where the audit trail comes in. With each step of this process logged, including denial of requests, these audit trails are invaluable. These are especially important when terminating an employee and determining what they have and haven’t had access to. With this process established and backed by the right software, an organization can effectively manage access for all of the layers within the environment, create a robust IT audit trail (if needed), and terminate access as necessary.
UNIX and Linux have many benefits over other operating systems for certain business functions. However, the “super user” or root account creates a security nightmare, allowing users logged on as root to access all data within these systems, even if business requirements dictate that they only need access to a small portion.
A process should be established to allow an administrator to perform functions as a root user within these environments, but only allow them to conduct a core set of necessary activities. Software can be used to establish, maintain and automate these policies, and delegate access to privileged accounts such as root. This becomes a valuable tool when an administrator needs this privileged account access on a consistent basis by allowing the administrator access without handing out the actual privileged account password or unnecessary privileges.
Integrating Policy Control
Integrating policy control
Establishing this control process should be accompanied by a log of all actions taken by the administrator. Integrating policy control into centralized master hosts or directories helps streamline management, particularly in the sometimes laborious task of removing a terminated user’s data access. With the right software, used to establish the right process, the same tasks discussed above can be extended across thousands of hosts, with minimal labor by one administrator.
While a strong process-based approach is important for privileged access to an organization, it also benefits the administrators that work in the organization. When a company is unsure about which administrator has accessed a privileged account, they are unsure about where to assign the blame when an issue occurs related to that privileged access.
In a process-based system with a detailed audit trail, it can quickly be learned who has accessed a privileged account and what operations they performed. Whether the problem was created from malicious intent or a simple error, the situation can be addressed appropriately with the administrator that created the problem. All the other administrators are cleared from the shadow of doubt, as there is positive evidence that their actions were not responsible for the problem. As an auditor once told me, “proof of innocence is a powerful thing.”
Integration with Active Directory
Active Directory is an exceptional tool in centralized authentication and account access management. However, Active Directory’s authentication and policies do not natively extend to UNIX/Linux systems. Software can be used to establish a more total control of accounts within an organization by integrating UNIX and Linux hosts into the Active Directory ecosystem. What becomes truly helpful is a process where a user can be given a single password for all environments with the same security settings. This reduces constant access requests and helps to more efficiently manage account information.
Once integration with Active Directory has been established, IT managers need to make sure it is cohesive with the other processes outlined above. A good system in place will allow user management functions to streamline across multiple platforms, saving time and energy. This helps with both the termination of a user account, along with removing temporary, privileged access to a given user.
To conclude, the process-based system is an essential step in securing your IT infrastructure from the inside. Trust, while a nice ideal, is simply not practical when looking to safeguard your most sensitive data from the bad eggs out there. With the right software, and a straightforward and minimally-intrusive process, an organization can achieve an airtight set of security processes that does not disrupt workflow or alienate IT administrators.