Who will guard the guards
Published in: Technology
Transcript

  • 1. Who will guard the guards? K. K. Mookhey Principal Consultant Network Intelligence India Pvt. Ltd.
  • 2. Speaker Introduction Founder & Principal Consultant Network Intelligence Institute of Information Security Certified as CISA, CISSP and CISM Speaker at Blackhat 2004, Interop 2005, IT Underground 2005, OWASP Asia 2008,2009 Co-author of book on Metasploit Framework (Syngress), Linux Security & Controls (ISACA) Author of numerous articles on SecurityFocus, IT Audit, IS Controls (ISACA) Over a decade of experience in pen-tests, application security assessments, forensics, compliance, etc.
  • 3. Agenda Ground-level Realities Compliance & Regulations Case Study of Privileged Identity Challenges Solutions Policy Process Technology
  • 4. Ground Level Realities How sys admins really operate!
  • 5. What happened at RSA?
  • 6. Spear Phishing
  • 7. SQL Server to Enterprise 0wned! Entry Point – 172.16.1.36 Vulnerability -> SQL Server Default username and password Username: sa Password: password
  • 8. Privilege Escalation on the Network Using the Administrator account logon to other machines Login to the domain server was not possible Check for Impersonating Users
  • 9. The Insider Threat No. 1 security concern of large companies is… THE INSIDER THREAT (IDC Analyst Group). 86% of the insiders held technical positions (CERT). 90% of them were granted system administrator or privileged system access when hired (CERT). 64% used remote access (CERT). 50% of those people were no longer supposed to have this privileged access (Source: Carnegie Mellon, DOD). 92% of all the insiders attacked following a negative work-related event like termination, dispute, etc. (CERT)
  • 10. Notable Finding
  • 11. Compliance and Regulation Current Audit Questions around Privileged Accounts: “Can you prove that you are protecting access to key accounts?” “Who is acting as System Administrator for this activity?” “Can you prove that Rahul Mehta’s access to the netAdmin ID was properly approved?” “Can you show me what Rahul Mehta did within his session as root last week?” “Are you changing the Exchange Admin password in line with company policy?” “Have you removed hard-coded passwords from your applications?” PCI, SOX, Basel II & HIPAA are all diving deeper into Privileged Accounts
  • 12. Telecom Regulations DOT circular (31st May 2011) states in 5.6 A (vi) c. that The Licensee shall keep a record of all the operation and maintenance command logs for a period of 12 months, which should include the actual command given, who gave the command, when was it given and from where. For next 24 months the same information shall be stored/retained in a non-online mode.
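The DOT requirement on slide 12 is concrete enough to check in code: every operation and maintenance command record must say what was run, who ran it, when and from where, and each record moves from an online store to a non-online archive after 12 months and can be disposed of after the following 24. The following Python is an added example written for this page, not code from the presentation or from Network Intelligence; the field names, the constructed sample entry (operator, device and source address are invented) and the month arithmetic are assumptions, and the circular's own wording should drive the real schema.

```python
from datetime import datetime, timezone
from typing import Dict, List

# Fields the circular mandates for every O&M command record:
# the actual command, who gave it, when it was given and from where.
# (Field names are this example's assumption, not the circular's.)
REQUIRED_FIELDS = ("command", "operator", "executed_at", "source_address")

ONLINE_MONTHS = 12   # record must be available in the online log store
OFFLINE_MONTHS = 24  # then retained in a non-online archive for the next 24 months


def make_command_log_entry(command: str, operator: str, executed_at: datetime,
                           source_address: str, device: str) -> Dict[str, str]:
    """Build one audit record carrying the four mandated fields plus the target device."""
    if executed_at.tzinfo is None:
        # "when" is only unambiguous if the timestamp carries its timezone
        raise ValueError("executed_at must be timezone-aware")
    return {
        "command": command,
        "operator": operator,
        "executed_at": executed_at.isoformat(),
        "source_address": source_address,
        "device": device,
    }


def missing_fields(entry: Dict[str, str]) -> List[str]:
    """Return the mandated fields an incoming record lacks; an empty list means compliant."""
    return [field for field in REQUIRED_FIELDS if not entry.get(field)]


def months_between(start: datetime, end: datetime) -> int:
    """Whole calendar months from start to end (a partial month does not count)."""
    whole = (end.year - start.year) * 12 + (end.month - start.month)
    if end.day < start.day:
        whole -= 1
    return whole


def retention_tier(executed_at: datetime, now: datetime) -> str:
    """Which store a record of this age belongs in: online, offline archive, or disposable."""
    age = months_between(executed_at, now)
    if age <= ONLINE_MONTHS:
        return "online"
    if age <= ONLINE_MONTHS + OFFLINE_MONTHS:
        return "offline"
    return "expired"


# Constructed sample record: operator, device and address are invented for the example.
SAMPLE_ENTRY = make_command_log_entry(
    command="show running-config",
    operator="Rahul Mehta",
    executed_at=datetime(2011, 5, 31, 10, 5, tzinfo=timezone.utc),
    source_address="10.20.30.40",
    device="core-rtr-01",
)

if __name__ == "__main__":
    print(SAMPLE_ENTRY, "missing:", missing_fields(SAMPLE_ENTRY))
    for check in (datetime(2011, 11, 30, tzinfo=timezone.utc),
                  datetime(2012, 7, 15, tzinfo=timezone.utc),
                  datetime(2014, 7, 1, tzinfo=timezone.utc)):
        print(check.date(), retention_tier(datetime(2011, 5, 31, tzinfo=timezone.utc), check))
```

The validator is the useful half: a command logged by a jump host or session recorder that lacks the source address or the named operator is exactly the record an auditor will reject, so rejecting it at ingestion is cheaper than discovering the gap 12 months later.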
  • 13. Other Regulations RBI Guidelines on Technology Risks IT Act Notifications – April 2011
  • 14. What are Privileged Accounts?
    Acct Type | Scope | Used by | Used for
    Elevated Personal Accts (SUPM) | Personal Accounts with elevated permissions – JSmith_admin, SUDO | IT staff | Privileged operations; Access to sensitive information
    Shared Privileged Accounts (SAPM) – Highly Powerful; Difficult to Control, Manage & Monitor; Usage is Not ‘Personalized’; Pose Devastating Risk if Misused | Administrator, UNIX root, Cisco Enable, Oracle SYS, Local Administrators, ERP admin | IT staff: System Admins, Network Admins, DBAs, Help Desk, Developers, Legacy Apps, etc. | Emergency / Fire-call; Disaster recovery; Privileged operations; Access to sensitive information
    Application Accounts (AIM) | Hard-Coded and Embedded Application IDs; Service Accounts | Applications, Scripts, Windows Services, Scheduled Tasks, Batch jobs, Developers, etc. | Online database access; Batch processing; App-2-App communication
  • 15. The Scope of the Problem... “Most organizations have more privileged accounts than personal accounts” (Sally Hudson, IDC) Typical use case - mid-size company IT profile: ~10,000 employees; 8,000+ desktops/laptops; 200 Windows servers; 10 Windows domains; 500 Unix/Linux servers; 20 WebSphere/Weblogic/Jboss/Tomcat servers; 100 Oracle/DB2/Sqlserver databases; 50 Cisco/Juniper/Nortel routers and switches; 20 firewalls; 1,000 application accounts; 150 Emergency and break-glass accounts
  • 16. App2App Communication
    • App2App interaction requires an authentication process – Calling application needs to send credentials to target application
    • Common use cases – Applications and Scripts connecting to databases – 3rd Party Products accessing network resources – Job Scheduling – Application Server Connection Pools – Distributed Computing Centers – Application Encryption Key Management – ATM, Kiosks, etc.
  • 17. Summary: Privileged Identity & Session Management A comprehensive platform for isolating and preemptively protecting your datacenter – whether on premise or in the cloud: Discover all privileged accounts across datacenter; Manage and secure every credential; Enforce policies for usage; Record and monitor privileged activities; React and comply; Integrate with IDAM
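The App2App slide (16) and the audit question on slide 11, “Have you removed hard-coded passwords from your applications?”, both come down to one finding: a credential sitting as a literal in a script, property file or connection string. The Python below is an added example written for this page, not code from the presentation or from Network Intelligence. It scans constructed sample files (a backup shell script, a JDBC property file and an ETL script; all three are invented, and the sa/password pair just mirrors the case study on slide 7) for the usual embedding patterns, masks the value in what it reports, and shows the remediated lookup pattern beside it. The regexes and the list of runtime-lookup markers are assumptions tuned to the samples, not a complete scanner.

```python
import os
import re
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    source: str
    line_no: int
    kind: str
    excerpt: str  # offending line with the credential value masked


# Common shapes in which credentials end up embedded. The more specific
# patterns come first so a JDBC URL is not reported as a plain assignment.
PATTERNS = [
    # user:password@host inside a URL, e.g. postgres://etl:hunter2@dwh01/db
    ("uri_userinfo", re.compile(r"(?i)\b[a-z][a-z0-9+.-]*://[^\s/:@'\"]+:([^\s/@'\"]+)@")),
    # JDBC URL carrying a password= property
    ("jdbc_url", re.compile(r"(?i)jdbc:[^\s'\"]*[?;&]password=([^&;\s'\"]+)")),
    # PASSWORD=..., db.password: ..., api_key = "..." and similar assignments
    ("assignment", re.compile(
        r"(?i)\b(\w*(?:password|passwd|pwd|secret|api[_-]?key))\s*[=:]\s*['\"]?([^\s'\";]+)")),
]

# Values that are clearly resolved at runtime rather than typed into the file.
LOOKUP_MARKERS = ("environ", "getenv", "vault", "secret_store", "credential_provider")


def looks_like_lookup(value: str) -> bool:
    """True when the matched value is a reference (env var, vault call), not a literal."""
    lowered = value.lower()
    return value.startswith(("$", "%", "{{")) or any(m in lowered for m in LOOKUP_MARKERS)


def find_hardcoded_secrets(source_name: str, text: str) -> List[Finding]:
    """Scan one file's text and report each line that embeds a literal credential."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        for kind, pattern in PATTERNS:
            match = pattern.search(line)
            if match is None:
                continue
            value = match.group(match.lastindex)  # last group is always the secret value
            if not looks_like_lookup(value):
                findings.append(Finding(source_name, line_no, kind, stripped.replace(value, "***")))
            break  # one report per line is enough
    return findings


def scan_all(sources: Dict[str, str]) -> List[Finding]:
    findings: List[Finding] = []
    for name, text in sources.items():
        findings.extend(find_hardcoded_secrets(name, text))
    return findings


def load_credential(name: str, env: Dict[str, str] = None) -> str:
    """The remediated pattern: resolve the credential at runtime and fail closed if absent."""
    env = os.environ if env is None else env
    if name not in env:
        raise RuntimeError(f"credential {name} not provided; no built-in default to fall back on")
    return env[name]


# Constructed sample files; every host, user and password here is invented.
SAMPLE_SOURCES = {
    "backup.sh": """#!/bin/sh
# nightly backup job
DB_USER=sa
DB_PASSWORD=password
sqlcmd -S db01 -U "$DB_USER" -P "$DB_PASSWORD" -Q "BACKUP DATABASE orders TO DISK='/backup/orders.bak'"
""",
    "datasource.properties": """# connection pool settings
jdbc.url=jdbc:sqlserver://db01;databaseName=orders;user=app_orders;password=Sup3rS3cret
pool.max=20
""",
    "etl.py": """import os
# credential is resolved at runtime, nothing to report here
password = os.environ["ETL_DB_PASSWORD"]
url = "postgres://etl:" + password + "@dwh01/warehouse"
""",
}

if __name__ == "__main__":
    for f in scan_all(SAMPLE_SOURCES):
        print(f"{f.source}:{f.line_no} [{f.kind}] {f.excerpt}")
```

Masking the value before it is written anywhere matters in practice: a scanner that copies the found password into its own report has just created one more hard-coded credential. The `load_credential` helper is deliberately strict; a fallback default inside the code is what turns an outage into the "sa / password" situation of slide 7.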
  • 18. Controls Framework
  • 19. Policies Privileged ID Management Policy & Procedures
    Privileged ID allocation – process of the approval mechanism for it
    Privileged ID periodic review – procedure for this
    Monitoring of privileged ID activities – mechanisms, and procedures for logging and monitoring privileged IDs
    Revocation of a privileged ID – what happens when an Administrator leaves the organization?
    How are vendor-supplied user IDs managed
    Managing shared/generic privileged IDs
  • 20. Thank you! Questions / Queries K. K. MOOKHEY kkmookhey@niiconsulting.com NETWORK INTELLIGENCE INDIA PVT. LTD. www.niiconsulting.com
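The policy items on slide 19 (approval on allocation, periodic review, revocation when an administrator leaves, custodians for vendor and shared IDs) can be turned into a review that runs on a schedule instead of a once-a-year spreadsheet exercise. The Python below is an added example written for this page, not code from the presentation or from Network Intelligence. It takes a constructed inventory of privileged IDs and a constructed list of current staff and emits the actions a reviewer would have to take; the 90-day review interval, the account records and the staff names (apart from the netAdmin / Rahul Mehta pairing quoted on slide 11) are invented for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Set, Tuple

REVIEW_INTERVAL_DAYS = 90  # assumed policy value; the real interval comes from the policy document


@dataclass
class PrivilegedId:
    account: str
    system: str
    kind: str                    # "personal", "shared", "application" or "vendor"
    owner: str                   # named holder, or the custodian for shared/vendor/application IDs
    approved_on: Optional[date]  # date the allocation was approved; None = no approval record
    last_reviewed: Optional[date]


Action = Tuple[str, str, str]  # (account@system, action code, reason)


def review_privileged_ids(ids: List[PrivilegedId], active_staff: Set[str], today: date) -> List[Action]:
    """Apply the slide-19 policy items to an inventory and return the required actions."""
    actions: List[Action] = []
    for p in ids:
        ref = f"{p.account}@{p.system}"
        if not p.owner:
            # shared, vendor and application IDs must have a named custodian
            actions.append((ref, "NO_CUSTODIAN", f"{p.kind} ID has no named owner or custodian"))
        elif p.owner not in active_staff:
            # revocation: the holder has left, nothing else about the ID matters until it is revoked
            actions.append((ref, "REVOKE", f"owner {p.owner} is no longer with the organisation"))
            continue
        if p.approved_on is None:
            actions.append((ref, "MISSING_APPROVAL", "no record that the allocation was approved"))
        if p.last_reviewed is None:
            actions.append((ref, "REVIEW_OVERDUE", "never reviewed"))
        elif (today - p.last_reviewed).days > REVIEW_INTERVAL_DAYS:
            actions.append((ref, "REVIEW_OVERDUE",
                            f"last reviewed {(today - p.last_reviewed).days} days ago"))
    return actions


# Constructed inventory and staff list for the example.
INVENTORY = [
    PrivilegedId("netAdmin", "corp-domain", "shared", "Rahul Mehta", date(2011, 3, 1), date(2011, 5, 15)),
    PrivilegedId("root", "unix-prod-01", "shared", "", None, None),
    PrivilegedId("sa", "sql-01", "application", "Anil Desai", date(2010, 1, 10), date(2010, 12, 1)),
    PrivilegedId("oracle_support", "erp-db", "vendor", "Priya Nair", date(2011, 1, 5), date(2011, 1, 5)),
]
ACTIVE_STAFF = {"Rahul Mehta", "Priya Nair"}  # Anil Desai has left
REVIEW_DATE = date(2011, 6, 30)

if __name__ == "__main__":
    for ref, code, reason in review_privileged_ids(INVENTORY, ACTIVE_STAFF, REVIEW_DATE):
        print(f"{code:17} {ref:28} {reason}")
```

Feeding the staff set from the HR system rather than from the directory is the point of the REVOKE check: the CERT figure on slide 9, that half of the insiders who misused privileged access were no longer supposed to have it, describes exactly the accounts a directory-only review misses.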
