Aujas US

An IDG Ventures Company

Managing Risk of Privileged Access and Activity Management

Managing the risk of privileged accessThe Problem
As organizations continue to leverage IT systems to support their businesses, the requirement of managing privileged users is rapidly emerging. Privileged IDs are the in-built system accounts within applications, operating systems, and databases. Additionally, user accounts that are created for administration of systems are also privileged IDs.
These IDs have higher and generally unrestricted authority associated with them to allow efficient system maintenance. As a side effect, these IDs can also be used to make widespread changes to the business systems.

The Risk
Usually, these IDs, especially the ones that are in-built, are shared among the groups of administrators. This method of sharing highly powerful access can cause accountability concerns and non compliance with regulatory requirement, thereby significantly increasing the access risk.

Data can be stolen undetected or IT systems can be sabotaged by misusing the privileged access, since these IDs have access to systems from the backend and can bypass the control deployed for business users.

The rapidly emerging trends of cloud computing, consolidation of data centers, virtualization and hosted application services providers imply growing numbers of IT systems and privileged IDs. Any organization using significant number of IT systems like servers, network devices, desktops, or applications faces the requirement of managing privileged IDs.

Regulatory and government requirements for telecom, banking and IT verticals create an even greater need to address this requirement. Recent prominent and high profile security breaches in these verticals across the globe highlight the degree of access risk caused by inadequate privileged ID management.

What Not to Do
Limiting the privileges granted to these IDs will not mitigate the risk as it will render the useless IDs to perform its functions. Alternatively, some organizations aim to bring in accountability by assigning individual IDs to their administrators in order to eliminate sharing. This approach is helpful only for managing a small number of administrators managing few systems.

In-built IDs will still need to be shared even if administrators use their own individual IDs. To add to the complexity, some IT systems enforce a limit on the number of individual accounts that can be created to manage them. Moreover, the number of individual IDs grows multiplicatively with the increase in both the number of administrators and managed systems.

For example, an admin team of twenty managing a thousand systems can easily be dealing with more than 20,000 IDs. The cost and complexity of managing the lifecycle, enforcing password policies and access controls on so many individual IDs makes this approach suboptimal.

Mitigating the Risk
What is needed is a comprehensive and modular approach to privileged access and activity management. Privileged access and activity management is an identity management domain comprising of the same traditional building blocks of User Provisioning, Single Sign-on and Access Management, Role Management, Password Vault and SIEM tied together with robust solution design based on well thought of policies and procedures.

A good solution approach uses an iterative model to focus on each of these areas and improve them incrementally by understanding how it integrated with other building blocks. This approach allows for a modular solution which not only can solve immediate problems with least disruption and change to the existing practices, but also scale to meet the evolved requirements as the business and expectations grow.

July 26, 2011 Posted by | Access control, IT security, Risk management | , , , | Leave a comment

Understanding the Need for Converged Access Control

Access managementAccording to a study conducted by Carnegie Mellon University – critical system disruptions, loss of information of customers and partners, loss of confidential intellectual property,  brute-force attacks, fraud, reputation risk, etc. were mostly attributed to actions by insiders.

The grave dangers of insider threats, arising from employees retaining their system and/or having physical access even after job termination, can be understood from a shocking incident that took place recently. A US-based Water Service Company auditor, who resigned from his post, sneaked into the company’s building and accessed a former coworker’s computer to transfer $9 million from the company’s fund to his personal account. 

Insider threats, in which the disgruntled employees or ex-employees, gain access to computer systems or networks of the enterprise, is one of the cases of improper Identity Management!

Proliferating Disconnected Identities – Root Cause for Mismanagement of Identities!

In most organizations, it is seen that logical and physical identities often see excessive increase in numbers, making it difficult for the organization to track and manage all the identities effectively. 

On the logical side, an employee may have one identity within the enterprise HR system, such as a SAP system. That identity typically consists of salary, benefits, insurance and other specific employee details. Then there is a logical identity, for the same employee, within the information technology department’s directory software – such as those from Microsoft, Novell, CA, Sun Microsystems, or Oracle. This directory controls the permissions for network, database and software applications for the logical identity. Within the organizations’ Intranets, databases and applications, the user may have still more identities, in the form of different user IDs and passwords or PINs he/she uses to log into each logical resource of organization. This employee will have at least one more identity: a physical credential of some sort used for access to organization infrastructure –workstations, buildings, floors, parking garages, warehouses, research lab etc.

Then, there are cases of merger or acquisitions of organizations which often results in more than one brand of Physical Access Control System (PACS) in the organization. In enterprises with more than one brand of PACS and several facilities or areas users must enter, a user may have more than one physical access credential—and therefore, more than one physical identity.

Unconverged identity management systems either result in error-prone manual interventions or security issues!

Next: The Need for Converging Identities

November 4, 2010 Posted by | Access control, identity and access management, Risk management | , , , | Leave a comment

Stuxnet Accelerates Exponential Decay!

Exponential-decayOften, change within the technology arena is seen through the lens of Moore’s Law; computer power doubles every eighteen months.  Many predictions of the Law’s demise have come and gone.  As technology approaches the physical limitations inherent in Moore’s Law, innovation has accelerated.  Moore’s Law was convenient for expressing technology’s exponential growth.

However, the Law’s converse – exponential decay – has eclipsed the “Law” and is unrestrained.  The broader concept of exponential decay operates unreservedly.  Exponential decay spurs innovation, is unrestrained by the present, and arises from the half-life of earlier developments. 

Information Security solutions are following a similar construct: exponential decay.  The perimeter defense built to address external threats has degraded to also-ran status.  Expanding business needs and active circumventing the perimeter, rendering it less-and-less effective.

The progression of security threats, similarly, follows an exponential decay model.  Hacking has given way to monetization attacks and espionage; sophistication grows, barriers to entry decrease, and specialization rises.  Exponential decay, also, produces geometric increases in records and funds lost in breaches.

Stuxnet’s introduction to the world represents the next stage of exponential decay.  It epitomizes a militant threat capable of incapacitating industrial production.  However, such a sophisticated cyber capability encourages derivatives. 

Stuxnet’s independent mutation ability and intra-communication has profound considerations.  An enterprise (military, government, academic, industrial, etc.) should consider themself compromised, irrespectively, by some form of cyber-malice capable of harvesting or destroying value.  Intra-communication is difficult to detect.

One enterprise defense from mutation and intra-communication within the enterprise is layered protection (versus layered defense).  While the enterprise perimeter an anachronism, externally, it has value inside the enterprise.  Tightly controlling access by limiting access gives the protection and time to address such attacks. 

Emerging technologies that allow enterprise to build layered, trusted perimeters, a ring-within-rings, are the exponential decay’s response to these new threats.  Watch for DLP, SIEM, and GRC applications to add layered perimeter capabilities and tracking of intra-communication.  Include intra-communication monitoring within perimeters as a required feature in product selection or expansion.

Authored by Charles King, CISSP – King Information Security, LLC

November 4, 2010 Posted by | Access control, identity and access management, Risk management | , , | Leave a comment

Converged Identity and Access Management

Access managementPart 3 in the Converged Identity and Access Management series

Converged IAM (Identity and Access Management) can be understood as a system which converges together disparate physical and logical access control system, to create a singular trusted identity and one credential to match rights and access them across the enterprise.

Converged IAM can’t exist without network connections – preferably automatic, software driven ones – between these logical and physical identity systems.

The most typical use-case right now involves the uses of a card reader integrated with an identity management or directory system such as Active Directory of LDAP. Users swipe the access card at the door and use that same access card to log on to network resources.

Logical identity integrations for a user usually begin with links between human resources systems, an IT network component and the enterprise directory. The directory software, such as Microsoft’s Active Directory or similar tools based on the Lightweight Directory Access Protocol (LDAP), ensures that any employee has the network, software and database access — the virtual provisions — they’ll require to do their work.

Many large enterprises already use identity management tools from vendors like IBM, Novell, Oracle and Sun, to provision users from the HR system into the directory. That process is fairly well-automated. The disconnection between logical and physical identity usually appears when it’s time to provision a user’s physical access rights—at the most basic, where and when that person is allowed to be within the enterprise. In many enterprises, this task is typically still manual: A phone call, email or fax from HR alerts the physical security department to put the new employee into the PACS and create an access badge for him.

Integrating the PACS with the enterprise directory enables enterprises to address the issue of disconnected physical and logical identities. Here the value for the organization is that integration allows them to have a better understanding of who has rights to their network and their physical facilities. It allows them to manage access rights and people’s responsibilities within the organization more efficiently.

Next: The Importance of IT in Convergence

November 3, 2010 Posted by | Access control, Risk management | , | Leave a comment

Secure File Uploads – Risky?

Risky file downloadsRecently we have had several inquiries into the risks surrounding uploading files.  Here’s some how you can think about this risk:

File uploads have become a critical feature in today’s application security. As the availability of human resources and systems continues to be critical to business operations, file upload usage will continue to escalate as will the features these devices offer. For example, to allow an end user to upload files to the websites such as social networking sites, web blogs, forums, e-banking sites, video blogs, or corporate support portals, gives the opportunity to the end user to efficiently share files with corporate employees. These all open the door for a malicious user to compromise your server.  These users are allowed to upload images, videos, avatars and many other types of files.

The more access controls provided to the end user, the greater the risk of having a vulnerable web application and the chance that such functionality will be abused from malicious users, to gain access to a specific website, or to compromise a server is very high.

It is, therefore, imperative that proper risk management be applied and security access controls, policies implemented to maximize the benefits while minimizing the risks associated with such features.

A list of best practices that should be enforced when file uploads is allowed on websites or any applications. These practices will help you securing file upload forms used in web applications. Few of the recommended practices include:
• Restrict the user to upload the files in a directory outside the server root.
• Prevent overwriting of existing files (to prevent the .htaccess overwrite attack).
• Create a list of accepted mime-types (map extensions from these mime types).
• Generate a random file name and add the previously generated extension.
• Don’t rely on client-side validation only, since it is not enough. Ideally one should have both server-side and client-side validation implemented.

As seen above, there are many ways how a malicious user can bypass file upload form security. For this reason, when implementing a file upload form in a web application, one should make sure to follow correct security guidelines and test them properly. Enterprises that have been considering the use of file uploads in their environment should calculate the benefits that the technology can offer them and the additional risks that are incurred. Once benefits and risks are understood, businesses should utilize a governance framework to ensure that process and policy changes are implemented and understood, and that appropriate levels of security are applied to prevent data loss.

If you have additional questions regarding Secure Development Lifecycle contact Karl Kispert at karl.kispert@aujas.com.

November 3, 2010 Posted by | Access control, File upload security, Risk management | , , , , , | 1 Comment