BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Top 10 Reasons To Implement Least Privilege for Linux Servers

Post by Peter McCalister November 19, 2010

In the spirit of keeping blog posts informative, short and fun, this one takes a cue from David Letterman in format.  So without further fanfare or wasted space… the Top 10 Reasons to Implement Least Privilege on Linux Servers are:

#10 - Sam, the CSO can now sleep nights knowing that excess privileges will no longer be responsible for failing a SOX, HIPAA, PCI, DSS, GLBA or FDCC and FISMA audit (even though he isn’t required to even deal with the last two).

#9 - Andy the Auditor can get a full report of who has what entitlements instantly to satisfy compliance successfully, instead of taking weeks of manual effort

#8 - Ted in Tech Support won’t be able to reset file and directory permissions on any Linux server he has admin rights to so liberally that anyone with a login can access confidential data just because it makes his job easier

#7 - Sid in Development won’t be able to download Apache applications or any otherunauthorized open source “tools” potentially injecting malware into our corporate network

#6 - Fiona and Felix our new Linux administrators won’t make one, or more, of the 10 Mistakes New Linux Administrators Make

#5 - Vito, the ever-industrious programmer will no longer be able to code suid root binaries into his programs allowing programmatic access beyond what is allowed by corporate policy or regulatory requirements

#4 - Alice in IT will no longer be responsible for DNS misconfiguration errors as her role won’t facilitate this level of admin privilege

#3 - Fred in IT won’t be able to install a Trojan on the mission critical server, bringing it down for 4 hours and costing the company over $1M in lost transactions, because he was passed over for a big promotion

#2 - Sarah, the CIO will no longer have to hide Linux root credentials in a sealed envelope in her office safe and deal with a manual check in/check out process

#1 - Tony, the Palo Alto Linux administrator will no longer be able to wear that ratty old T-shirt with the slogan “Bow before me, for I am root” any longer

Leave a Reply

Additional articles

April VEF Participant Wins a Apple iPad mini

Every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to your organization and a way to…

Post by Qui Cao April 24, 2014
smart rules manager for vulnerabilities - v2

A New Way of Looking at Vulnerabilities in Your Environment

Assets, users, vulnerabilities and exploits; all are common themes in my posts on BeyondInsight. With BeyondInsight v5.1, we unveiled a new way to view exploitable assets. Sure, most vulnerability management solutions link vulnerability data to exploit information, allowing tools like NeXpose and QualysGuard to list an asset, its vulnerabilities, and any related exploits. BeyondInsight does…

Post by Morey Haber April 23, 2014
Tags:
, , , , ,
smart rules manager for vulnerabilities

Staying on Top of the Latest Vulnerabilities with BeyondInsight v5.1

It’s no secret that dozens of new OS and application vulnerabilities are revealed every day. Staying on top of these new exposures normally requires paying for services or subscribing to multiple RSS feeds. BeyondInsight 5.1 provides customers with another option: a built-in, customizable vulnerability alerting system that delivers up-to-date information on the latest vulnerabilities in…

Post by Morey Haber April 21, 2014
Tags:
, , , , , ,