The same scenario applies to uninterruptible power supply systems. Not long ago we were assessing a large government entity that has spared no expense on IT security they had one of the most secure systems I have ever seen. A few months prior to our assessment, they had a contractor replace all of their UPS systems, including the ones that ran all of their critical servers in their main computer facility. The contractor had connected these UPS systems to the network so that they could be remotely administered and monitored. I have a screenshot on the report to the customer showing us logged into the web interface (with admin rights using the out-of-the-box credentials) and the mouse cursor hovering over the SHUTDOWN button. That got their attention.
The solution? 1. Perform regular port scans for web servers/interfaces. 2. If the web interface is unnecessary, shut down the service. 3. If it is needed: - Change the credentials - Use https if at all possible - Limit access to the interface to only authorized admin workstations - Add firewall restrictions - Monitor logs
User access to production systems: Limiting accounts, stronger password protocol heightens security
Do the systems access privileges among your staff put you at risk for a breach? Here, a senior IT manager with a large manufacturing company details how he reconfigured access to production systems to be more limited and auditable.
Most of our IT staff had full access to all of our production systems, using their 'user accounts.' In a security audit and penetration test, this was exploited by the testers to end up owning our Windows Domain and most of our production data base servers.
We've now removed everyone's 'user accounts' from Domain Administrator, DBA /Application Root Accounts and the like. Technical system administrators that need regular access to sensitive systems and data have a separate account for that purpose with a much stronger password and we audit all use of that account with some audit tools and a password vault tool from Cyber Ark.
Many of our application / DBA folks need a good deal less routine access to production systems. For those systems, we have removed ALL routine admin access and replaced that with select "firefighter accounts," which are more generic. These accounts are stored in the password vault and protected by a very strong password. There's a process for entering tickets, obtaining approval and documenting this in our ticketing system. The password vault also requires several levels of approval for highly sensitive items and it reinforces the ticketing by requiring input of basic ticket numbers and reasons before a password is released. After a password is released, it can be setup to automatically reset after a time and/or to reset after the requestor 'checks it back in'.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.