Tag Archive for Lieberman

Can Former Staff Still Access Secure Info?

InfoSecurity Magazine recently published an article that blames cavalier attitudes about password management for a new era of data breaches. The article says that a fundamental lack of IT security awareness in enterprises, particularly in the arena of controlling privileged logins, is potentially paving the way for a further wave of data breaches.

The author cites a survey of IT security professionals by Lieberman Software. In the survey, 13% of the IT security pros interviewed at the RSA Conference 2014 in San Francisco admitted to being able to access previous employers’ systems using their old credentials.

Perhaps even more alarming, of those able to get into previous employers’ systems, nearly 23% can get into their previous two employers’ systems using old credentials, and, shockingly, more than 16% admit to still having access to systems at all of their previous employers, Lieberman reports. Philip Lieberman, CEO and president of the company, told InfoSecurity in an interview that he blames executives who are satisfied with only meeting minimum security requirements.

Investments in security for technology, people, and processes have been meager, at best, in most organizations for many years … many C-level executives have been strongly discouraged from implementing anything other than the minimum security required by law.

The survey also showed a communications breakdown between IT pros and management. According to the article, nearly one in five respondents admit that they do not have, or don’t know if they have, a policy to make sure that former employees and contractors can no longer access systems after leaving the organization.

The survey found that current employees are a concern as well. The InfoSecurity article says that almost 25% of employees surveyed work in organizations that do not change their service and process account passwords within the 90-day time frame commonly cited as best practice by most regulatory compliance mandates. Lieberman pointed out that users who run with elevated privileges can introduce all sorts of IT headaches by downloading and installing applications and changing their system configuration settings. CEO Lieberman warned that an organization would be wise to strictly control and monitor the privileged actions of its users by:

  1. Get control over privileged accounts. Start by generating unique and complex passwords for every individual account on the network – and changing these passwords often (no more shared or static passwords).
  2. Make sure you’re securely storing current passwords and making them available only to delegated staff, for audited use, for a limited time (no more anonymous and unlimited privileged access – for anyone).
  3. Automate the entire process with an enterprise-level privileged identity management approach. Mr. Lieberman argues, “when users exhibit poor behavior while logged into their powerful privileged accounts, you can be immediately alerted and respond to the threat.”
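Items 1 and 2 above describe an audit that a privileged identity management tool would run on its account inventory: find the same password reused across accounts, find passwords older than the 90-day window, and issue a unique, complex replacement for each. The Python script below is an added example, not code from the article or from Lieberman Software; the account inventory is constructed, and the `fingerprint` field is assumed to be a hash of the stored password that such a tool would compare (equal fingerprints mean the password is shared).

```python
import secrets
import string
from datetime import date, timedelta

# Rotation window cited in the post as common compliance practice.
MAX_PASSWORD_AGE_DAYS = 90

# Constructed "today" for the audit so the results are reproducible.
SAMPLE_TODAY = date(2014, 4, 1)

# Constructed inventory of privileged accounts. "fingerprint" stands in for a
# hash of the stored password (an assumption); equal values mean reuse.
SAMPLE_ACCOUNTS = [
    {"system": "db-prod-01", "account": "svc_backup", "fingerprint": "a1f3", "last_changed": date(2014, 1, 5)},
    {"system": "db-prod-02", "account": "svc_backup", "fingerprint": "a1f3", "last_changed": date(2014, 1, 5)},
    {"system": "web-01", "account": "root", "fingerprint": "77c0", "last_changed": date(2013, 6, 1)},
    {"system": "dc-01", "account": "adm-jsmith", "fingerprint": "0b2e", "last_changed": date(2014, 3, 20)},
]


def find_shared_passwords(accounts):
    """Map fingerprint -> [(system, account), ...] for passwords used on more than one account."""
    by_fp = {}
    for a in accounts:
        by_fp.setdefault(a["fingerprint"], []).append((a["system"], a["account"]))
    return {fp: users for fp, users in by_fp.items() if len(users) > 1}


def find_stale_passwords(accounts, today, max_age_days=MAX_PASSWORD_AGE_DAYS):
    """Accounts whose password was last changed before the rotation cutoff."""
    cutoff = today - timedelta(days=max_age_days)
    return [(a["system"], a["account"]) for a in accounts if a["last_changed"] < cutoff]


def generate_password(length=24):
    """Unique, complex password from the OS CSPRNG, containing every character class."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in string.punctuation for c in pw)):
            return pw


def plan_rotation(accounts, today):
    """Every account that needs a new password (shared or stale), each with its own fresh password."""
    shared = {acct for users in find_shared_passwords(accounts).values() for acct in users}
    stale = set(find_stale_passwords(accounts, today))
    plan = []
    for a in accounts:
        key = (a["system"], a["account"])
        reasons = [r for r, hit in (("shared", key in shared), ("stale", key in stale)) if hit]
        if reasons:
            plan.append({"system": a["system"], "account": a["account"],
                         "reasons": reasons, "new_password": generate_password()})
    return plan


if __name__ == "__main__":
    for item in plan_rotation(SAMPLE_ACCOUNTS, SAMPLE_TODAY):
        # The new password would go into the vault, never to stdout, in a real tool.
        print(item["system"], item["account"], ",".join(item["reasons"]))
```

On the constructed inventory the two `svc_backup` accounts are flagged for sharing one password and `root` on `web-01` for a password older than 90 days; each gets a distinct replacement, which is the "no more shared or static passwords" rule from item 1 made checkable.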

Mr. Lieberman told InfoSecurity that in the wake of the Edward Snowden / NSA scandal and the Target breach, one would think that corporations would feel that minimizing the insider threat, and the attempts of sophisticated criminal hackers to groom those with privileged accounts, would be of paramount importance. But Lieberman cited a “half-life mentality of opening the pocketbook for security investments immediately after a data breach occurs, but then diminishing back to basic security after a few months.”

rb-

When an employee leaves the company, it’s imperative to ensure that he or she is not taking the password secrets that can gain access to highly sensitive systems.

To back this up, Verizon’s 2013 annual Data Breach Investigations Report says that more than three-quarters (76%) of network intrusions relied on weak or stolen credentials – a risk that Verizon describes as “easily preventable”.

Creating Privileged Accounts:

  • Never issue direct access to the Administrator or root account; create a unique alias for each person instead.
  • Require password complexity, history and expiration.

Disabling Privileged Accounts:

  • Get the termination notice in writing from someone up the food chain before acting, then disable the account ASAP.
  • Disable the account, lock the account, and change the password.
  • Don’t change the user name or delete the account until you are sure. Prematurely removing an Admin Account could break some applications or connectors.
  • Don’t forget about the other accounts: email, VPN, mobile devices (wipe them), and access-control PINs.
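The two checklists above amount to a reconciliation job that an offboarding script can run: hold until the written notice exists, then for every still-enabled account belonging to the departed person disable it, lock it and rotate its password (wipe, then disable, for a mobile device), never delete or rename it, and separately report any account of a departed person that is still enabled after a grace period, which is exactly the gap the survey measured. The Python below is an added example, not the article’s or any vendor’s code; the termination records, account inventory and system names are constructed.

```python
from datetime import date, timedelta

# Constructed "today" for the report.
SAMPLE_TODAY = date(2014, 4, 1)

# Constructed HR termination records. "written_notice" mirrors the post's rule
# that the termination notice must be in writing before anyone acts.
TERMINATIONS = [
    {"person": "jsmith", "left_on": date(2014, 3, 1), "written_notice": True},
    {"person": "mlee", "left_on": date(2014, 3, 28), "written_notice": False},
]

# Constructed account inventory across the systems the post lists
# (directory, email, VPN, mobile devices, door PINs). "enabled" is current state.
ACCOUNTS = [
    {"person": "jsmith", "system": "active-directory", "account": "adm-jsmith", "enabled": True},
    {"person": "jsmith", "system": "email", "account": "jsmith@example.com", "enabled": True},
    {"person": "jsmith", "system": "vpn", "account": "jsmith", "enabled": False},
    {"person": "jsmith", "system": "mdm", "account": "jsmith-phone", "enabled": True},
    {"person": "jsmith", "system": "door-pin", "account": "pin-4412", "enabled": True},
    {"person": "mlee", "system": "active-directory", "account": "adm-mlee", "enabled": True},
    {"person": "kchen", "system": "active-directory", "account": "adm-kchen", "enabled": True},
]


def actions_for(system):
    """Steps per account type. Nothing here deletes or renames: an admin account
    may still be wired into applications or connectors, per the checklist."""
    if system == "mdm":
        return ["wipe_device", "disable"]
    return ["disable", "lock", "rotate_password"]


def plan_offboarding(terminations, accounts):
    """Per-person plan: blocked until written notice, otherwise one action set per live account."""
    plans = {}
    for t in terminations:
        if not t["written_notice"]:
            plans[t["person"]] = {"status": "awaiting_written_notice", "actions": []}
            continue
        todo = [
            {"system": a["system"], "account": a["account"], "steps": actions_for(a["system"])}
            for a in accounts
            if a["person"] == t["person"] and a["enabled"]
        ]
        plans[t["person"]] = {"status": "ready", "actions": todo}
    return plans


def lingering_access(terminations, accounts, today, grace_days=1):
    """Accounts of departed staff still enabled past the grace period, regardless of
    paperwork state: this is the former-employee access the survey respondents admitted to."""
    hits = []
    for t in terminations:
        if today - t["left_on"] <= timedelta(days=grace_days):
            continue
        for a in accounts:
            if a["person"] == t["person"] and a["enabled"]:
                hits.append((t["person"], a["system"], a["account"]))
    return hits


if __name__ == "__main__":
    for person, plan in plan_offboarding(TERMINATIONS, ACCOUNTS).items():
        print(person, plan["status"], [(a["system"], a["steps"]) for a in plan["actions"]])
    for hit in lingering_access(TERMINATIONS, ACCOUNTS, SAMPLE_TODAY):
        print("STILL ENABLED:", *hit)
```

The two functions are deliberately separate: `plan_offboarding` respects the "get it in writing first" rule and will not act on `mlee`, while `lingering_access` still reports `mlee`'s live account, so the missing paperwork shows up as a finding for management rather than silently leaving access in place.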

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Internet Kill Switch in Place

There is a great hubbub in the blogosphere about the new “Internet Kill Switch.” The Protecting Cyberspace as a National Asset Act of 2010 (S. 3480), which the Senate Homeland Security and Governmental Affairs Committee unanimously approved, says in part:

If the President determines there is a credible threat to exploit cyber vulnerabilities of the covered critical infrastructure, the President may declare a national cyber emergency, with notification to Congress and owners and operators of affected covered critical infrastructure. The notification must include the nature of the threat, the reason existing security measures are deficient, and the proposed emergency measures needed to address the threat. If the President exercises this authority, the Director of the NCCC will issue emergency measures necessary to preserve the reliable operation of covered critical infrastructure. Any emergency measures issued under this section will expire after 30 days unless the Director of the NCCC or the President affirms in writing that the threat still exists or the measures are still needed.

Senator Joe Lieberman (I-CT), sponsor of the proposed Act, recently told CNN’s Candy Crowley, when asked whether the proposed Act was an “Internet Kill Switch”:

“… total misinformation … We need the capacity for the president to say, Internet service provider, we’ve got to disconnect the American Internet from all traffic coming in from another foreign country … This is a matter of national security. A cyber attack on America can do as much or more damage today by incapacitating our banks, our communications, our finance, our transportation, as a conventional war attack. So I say to my friends on the Internet, relax … take a look at the bill. And this is something that we need to protect our country.”

Lieberman goes on to say that the U.S. should do this because China does: “Right now, China, the government, can disconnect parts of its Internet in a case of war. We need to have that here, too.”

If one takes a closer look at the existing laws, the President already has a kill switch. Section 706 of The Communications Act of 1934 (last amended in 1996) says in part,

Upon proclamation by the President that there exists a state or threat of war involving the United States, the President, if he deems it necessary in the interest of the national security … may designate, (1) suspend or amend the rules and regulations applicable to any or all facilities or stations for wire communication within the jurisdiction of the United States as prescribed by the Commission, (2) cause the closing of any facility or station for wire communication and the removal therefrom of its apparatus and equipment, or (3) authorize the use or control of any such facility or station and its apparatus and equipment by any department of the Government under such regulations as he may prescribe, upon just compensation to the owners. (emphasis added)

Big tech firms support the proposed “Internet Kill Switch.” McAfee’s vice president for government relations called the Lieberman Bill a “very important piece of legislation.” Big tech firms get several benefits for their support: the bill has language that will give them immunity from civil lawsuits and also reimburse them for any costs incurred if the Internet is shut down for a time. The legislation provides tech firms with new protections for their poor business practices. If a software company’s programming error costs customers billions, or a broadband provider intentionally cuts off its customers in response to a federal command, neither would be liable, according to the bill.

Declan McCullagh at CNET writes that if there’s an “incident related to a cyber vulnerability” after the President has declared an emergency and the affected company has followed federal standards, plaintiffs’ lawyers cannot collect damages for economic harm. And if the harm is caused by an emergency order from the Feds, not only does the possibility of damages virtually disappear but the U.S. will even bail out the firms.

Rep. Jane Harman (D-CA) has introduced a House version of the bill, H.R. 5548, but it has not yet passed the committee.

rb-

There does not seem to be any language in the Lieberman bill to retract the kill switch in the Telecom Act, so Lieberman is right that his bill does not include a “kill switch”: one has been in place for over 75 years. This is just another example of Washington’s double-talk.

 
