A year after Terry Childs case, privileged user problem grows
Managing those who manage the keys is hard
Computerworld - One year after former network administrator Terry Childs made national headlines for locking up access to a crucial San Francisco city network, the issue of how to protect corporate systems against the very people who manage and administer them remains as thorny as ever.
Just yesterday, Lesmany Nunez, a former computer support technician at Quantum Technology Partners (QTP) in Miami, was sentenced to a year in jail for illegally using his administrator account and password to shut down the company's servers from his home computer. Nunez also changed the passwords of all the IT systems administrators at the company and deleted certain files that would have made data restoration from backup tapes easier. His actions resulted in more than $30,000 in damages to QTP.
Numerous similar cases, including ones involving Fannie Mae and Pacific Energy Resources Ltd. have been reported over the past few months, each one causing considerable damage and disruption to the companies involved.
Childs is awaiting trial after being jailed last July on a $5 million bond for resetting administrative passwords to switches and routers on San Francisco's FibreWAN network, and later refusing to divulge the new passwords thereby locking up the network.
Such sabotage can be extremely difficult to stop because it involves users with legitimate administrative access to critical systems. But contributing to the problem is the continuing failure by many companies to adequately manage the numerous user accounts and passwords that control privileged access to critical corporate networks and systems.
Although the issue is well recognized by security experts, far too many companies continue to overlook it, said Sarah Cortes, an analyst with Inman TechnologyIT. The threat is "highly underestimated," Cortes said.
"It's not a sexy issue but it's a fundamental security issue," said Cortes, a former tech executive at several financial services companies.
Large companies can have thousands of account names and passwords that provide root access to applications, databases, networks and operating systems. While not all of them are critical to the enterprise, there are numerous accounts that if abused can cause serious disruptions enterprise wide.
Some companies can have anywhere between 10 and 70 people with root-level access to such critical systems, Cortes said. These could be staff who require access for system or database maintenance purposes, for patching or upgrading applications, and other valid reasons. The number of people with such access is usually far greater than managers might know about or track, Cortes said.
The situation is worse in environments with older legacy systems that are no longer being actively supported but need to be maintained all the same. There can be numerous individuals in such situations who have been provided emergency, or temporary, root-access to a system in response to a specific need, but whose access is then never later revoked, she said.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- 10 Things Your Next Firewall Must do Next-Generation Firewalls Defined
- Firewall Buyers Guide Operate as the core of your network security infrastructure
- Getting Started With a Zero Trust Approach to Network Security The Traditional Approach to Network Security is Failing. View Now>>
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts