Security in Context: The BeyondTrust Blog

Privilege Identity Management – A Help Desk Perspective

Posted October 12, 2012    Morey Haber

Help desk technicians within a company are the first line of defense for a new project or system problem. Most of the time, they are informed and trained that users will be getting a new piece of security software. The solution in this case is called Privileged Identity Management (PIM), and it is designed to manage the permissions granted to authenticated users on their workstations. The technology grants administrative rights only to the specific applications and operating system features that require them, so that users can perform their normal daily job functions while logged in as a standard user.

The most frequent questions we hear at BeyondTrust from help desk technicians are “Why are you removing administrator permissions from the end users?” and “How will I support these users when things do not operate like before?” The answers to these are very simple. Administrative permissions give an end user complete and unrestricted control of the operating system and applications. In reality, only a subset of that control is ever needed, and the excessive permissions create a gaping security hole for malware, configuration issues, and advanced persistent threats. Unfortunately, as a help desk technician, you experience these problems all too often. As the solution is deployed, your clients will begin to log in as standard users, and the PIM solution will give them administrative authority over the applications and operating system features they need for daily operations. Your role as a help desk technician will be to assist where the escalation rules are missing (or not working) for functions that users need for daily business operations.

It is important to understand that there are several reasons your organization is adopting the solution. First, like many businesses, commercial and government entities are subject to regulations that stipulate security controls on sensitive data, personal information, and applications. Your business is no different. Auditors may periodically visit your business, review security procedures and policies, and verify that employees and contractors do not have excessive access to systems and data. Tools like PowerBroker satisfy their requirements by placing a control on permissions while allowing elevation of privileges for personnel when appropriate.

One other consideration is directly related to security and malware. Malware is an umbrella term that encompasses all forms of malicious programs, from viruses, spyware, and ransomware all the way through Advanced Persistent Threats (APT). Statistics show that a very large portion of malware infects computers simply because the user has administrative access to the host. If this access is removed, the malware and its infection are thwarted. As help desk technicians, your burden of daily support calls should be significantly reduced by the removal of administrative privileges from your clients. As you have seen, antivirus solutions alone are not up to the latest challenges. Removing administrator privileges from the workstations you support restricts the one capability that most malware depends on.
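A practical first step before (or while) rolling out a PIM solution is to find out which accounts actually hold local administrator rights on the workstations you support. The script below is an added example written for this post; it is not part of the original article and is not PowerBroker code. It uses the Get-LocalGroupMember cmdlet from the Microsoft.PowerShell.LocalAccounts module (Windows 10 / Windows Server 2016 and later) and compares the members of the local Administrators group against an allow-list. The CONTOSO group names in the allow-list are constructed placeholders that you would replace with your own.

```powershell
# Added example: audit local Administrators membership on this workstation and
# flag any principal that is not on the expected allow-list.
# Run in an elevated PowerShell session on the workstation being audited.

# Constructed allow-list: the principals you expect to hold local admin rights.
# "CONTOSO\..." entries are placeholders for your own domain groups.
$ExpectedAdmins = @(
    "$env:COMPUTERNAME\Administrator",   # built-in local administrator account
    "CONTOSO\Domain Admins",             # placeholder domain group
    "CONTOSO\Workstation Admins"         # placeholder domain group
)

# Get-LocalGroupMember returns Name, ObjectClass (User/Group) and
# PrincipalSource (Local, ActiveDirectory, AzureAD, MicrosoftAccount).
$members = Get-LocalGroupMember -Group "Administrators"

$report = foreach ($m in $members) {
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Name        = $m.Name
        ObjectClass = $m.ObjectClass
        Source      = $m.PrincipalSource
        # -notcontains is case-insensitive, matching how Windows treats names
        Unexpected  = ($ExpectedAdmins -notcontains $m.Name)
    }
}

# Full membership listing for the ticket or audit evidence
$report | Format-Table -AutoSize

# Summary: individual user accounts in Administrators are the ones a PIM
# rollout is meant to remove; domain groups are reviewed separately.
$unexpected = @($report | Where-Object { $_.Unexpected })
if ($unexpected.Count -gt 0) {
    Write-Warning ("{0} unexpected member(s) of local Administrators on {1}:" -f `
        $unexpected.Count, $env:COMPUTERNAME)
    $unexpected | ForEach-Object { Write-Warning ("  {0} ({1}, {2})" -f $_.Name, $_.ObjectClass, $_.Source) }
}
```

Run against a fleet (for example through Invoke-Command with a list of computer names), the output gives the help desk a baseline of which end users are still logging in with administrator rights, which is exactly the population whose daily tasks the escalation rules must cover once those rights are removed.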

As with any technology rollout, there are bound to be a few bumps along the way. Remember when you had your first look at the latest version of Windows? Finding common functions was frustrating to many, but it only took a little while to realize it was the same thing in a different location. PIM is the same way. Your clients’ programs and applications will operate the same way, but in some circumstances they may be asked to fill in a quick text box explaining why they are using a program or operating system feature. This may sound like an unnecessary step, but if they are installing software or administering a phone system or database, management and auditors tend to want to know when and why. These are all part of security best practices and regulatory compliance.

One of the common reports you will receive is that some programs (and operating system features) that worked before no longer function. This is the bump in the road that you, as a help desk technician, will need to resolve. These may be applications that require administrative permissions to run and for which rules have yet to be created, or applications that have been explicitly denied from operating because of the inherent risk or potential threat they represent to the organization. A simple discussion with the end user, a justification for the application or feature, and following the established procedure for information technology administrators to create a rule will rectify this type of problem. If the application is rarely used, or needed only once, then the Challenge Response Passcode feature of PowerBroker for Windows can provide temporary relief until a decision about a permanent rule is made.

All in all, this project is designed to increase the security of desktops and servers, prevent common malware from infecting assets, aid in regulatory compliance, and track when sensitive applications are being executed throughout your organization. The process changes the way end users log in to their computers but is designed not to affect daily job functions. If anything, you will notice that end users have systems that run better, because common problems that occur when running as an administrator will simply be avoided.

Securing privileges is crucial to the security and operational well-being of your organization. PIM is being implemented to provide a safer, more standardized computing environment that can be managed better by the help desk, administrators, and information technology teams. The help desk is crucial to making this type of project a success and to realizing the benefits it offers. For more information, please visit BeyondTrust.
