Here in Utah, where Arellia is headquartered, there has been a much publicized data breach of the Utah Department of Health, where a server was compromised, 280,000 social security numbers were taken, and over 500,000 individuals had less sensitive data compromised. According to the press release, “In this particular incident, a configuration error occurred at the authentication level, allowing the hacker to circumvent the security system. DTS has processes in place to ensure the state’s data is secured, but this particular server was not configured according to normal procedure.” Now this article is not here to throw stones at Utah’s Department of Health, but rather to illustrate how a small mistake had serious consequences.
Clearly, there were many controls in place to secure this server, but a failure to implement one control had serious consequences. Let this be a lesson for all of us that we are only as strong as our weakest links. Applying this concept to one of Arellia’s focus areas, securing administrator rights, we can see where weak links break that model. Many of our customers come to look at privilege management, wherein we add privileges to applications that require administrative rights when the end user is running as a standard user. What they often overlook are the many adjacent security links associated with that initiative, including:
- Continuous Discovery of Users with Administrator Rights – You have removed administrator rights from your end users, but how do you know they aren’t creeping back?
- Ongoing Administrator Group Membership Enforcement – How do you plan on removing administrator rights from end users? How do you continue to maintain that configuration?
- Secure Management of Authorized Administrator Accounts – Systems will have a local administrator account that is used by IT. How is the password being managed? Who has access to the password? How is it being cycled? Too often this account and password are known by all of IT and most of the end user community and, if not properly complex, easy to crack.
- Applications Installed into Users Directory – The standard user can still install applications to the Users directory (such as web browsers) and run portable applications. Did you know that?
- Configuration Security – Your applications and users are secured, but your configuration is insecure. Hackers don’t give you credit for good work; they only target the weak links.
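The first two links above, discovering who holds administrator rights and keeping that group where you set it, can be checked from a scheduled task on each endpoint. The following is an added example, not Arellia’s code or product; it assumes Windows 10 / Server 2016 or later with the built-in LocalAccounts cmdlets (Get-LocalGroupMember, Remove-LocalGroupMember), and the allow-list entries are placeholders you would replace with your own accounts and groups.

```powershell
# Added example (not Arellia's code): audit the local Administrators group
# against an allow-list, report any drift, and optionally remove it.
# Assumes: Windows 10 / Server 2016+, run from an elevated PowerShell session.
param(
    # Placeholder allow-list: use fully qualified names as Get-LocalGroupMember reports them.
    [string[]]$Authorized = @("$env:COMPUTERNAME\Administrator", "CONTOSO\Workstation Admins"),
    # Without -Enforce the script only reports; with it, unexpected members are removed.
    [switch]$Enforce
)

$group   = "Administrators"
$members = Get-LocalGroupMember -Group $group
$drift   = @()

foreach ($m in $members) {
    # Compare on the qualified name (COMPUTER\name or DOMAIN\name) so a local and a
    # domain account with the same short name are not confused.
    if ($Authorized -notcontains $m.Name) {
        $drift += $m
    }
}

if ($drift.Count -eq 0) {
    Write-Output "$env:COMPUTERNAME: Administrators group matches the allow-list."
    exit 0
}

foreach ($m in $drift) {
    # Log class and source (Local / ActiveDirectory) so a reviewer can see how the
    # member got there, e.g. a domain group nested into the local group.
    Write-Warning ("{0}: unexpected Administrators member {1} ({2}, {3})" -f `
        $env:COMPUTERNAME, $m.Name, $m.ObjectClass, $m.PrincipalSource)
    if ($Enforce) {
        Remove-LocalGroupMember -Group $group -Member $m.Name -Confirm:$false
        Write-Output ("Removed {0} from {1}" -f $m.Name, $group)
    }
}

# Non-zero exit lets the scheduled task or monitoring agent flag the drift.
exit 1
```

Run it in report-only mode first so the allow-list can be corrected before enforcement; the same drift report is also the evidence that rights are “creeping back” after removal.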
At Arellia our mission is to look at the problems that result in security incidents and address them before they happen: like the idea of regular exercise and a good diet versus pills and surgeries. This is why we look at user, application, and configuration security together: they are interrelated when it comes to complete security. So what are your weak links, and how are you addressing them?