Who will guard the guards?

K. K. Mookhey
Principal Consultant
Network Intelligence India Pvt. Ltd.
Speaker Introduction
• Founder & Principal Consultant
  – Network Intelligence
  – Institute of Information Security
• Certified as CISA, CISSP and CISM
• Speaker at Blackhat 2004, Interop 2005, IT Underground 2005, OWASP Asia 2008, 2009
• Co-author of books on the Metasploit Framework (Syngress) and on Linux Security & Controls (ISACA)
• Author of numerous articles on SecurityFocus, IT Audit, IS Controls (ISACA)
• Over a decade of experience in pen-tests, application security assessments, forensics, compliance, etc.
Agenda
• Ground-level Realities
• Compliance & Regulations
• Case Study of Privileged Identity Challenges
• Solutions
  – Policy
  – Process
  – Technology
Ground Level Realities
How sys admins really operate!
What happened at RSA?
Spear Phishing
SQL Server to Enterprise 0wned!
• Entry point: 172.16.1.36
  – Vulnerability: SQL Server with a default username and password
      Username: sa
      Password: password
Privilege Escalation on the Network
• Using the Administrator account to log on to other machines
  – Login to the domain server was not possible
  – Check for impersonating users
The Insider Threat
• No. 1 security concern of large companies is… THE INSIDER THREAT (IDC Analyst Group)
• 86% of the insiders held technical positions (CERT)
• 90% of them were granted system administrator or privileged system access when hired (CERT)
• 64% used remote access (CERT)
• 50% of those people were no longer supposed to have this privileged access (Source: Carnegie Mellon, DOD)
• 92% of all the insiders attacked following a negative work-related event like termination, dispute, etc. (CERT)
Notable Finding
Compliance and Regulation
Current audit questions around privileged accounts:
• “Can you prove that you are protecting access to key accounts?”
• “Who is acting as System Administrator for this activity?”
• “Can you prove that Rahul Mehta’s access to the netAdmin ID was properly approved?”
• “Can you show me what Rahul Mehta did within his session as root last week?”
• “Are you changing the Exchange Admin password in line with company policy?”
• “Have you removed hard-coded passwords from your applications?”

PCI, SOX, Basel II & HIPAA are all diving deeper into privileged accounts.
Telecom Regulations
• DOT circular (31st May 2011) states in 5.6 A (vi) c. that:
  “The Licensee shall keep a record of all the operation and maintenance command logs for a period of 12 months, which should include the actual command given, who gave the command, when was it given and from where. For next 24 months the same information shall be stored/retained in a non-online mode.”
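To make the circular's four-field requirement concrete, here is an added example (not from the deck) that recovers the command, who gave it, when, and from where by joining sudo entries to login records, then places each record in the 12-month online / 24-month non-online tier. The log lines, hostnames, addresses and the review date are constructed.

```python
"""Reconstruct the four fields the DOT circular requires for every O&M
command (the command, who gave it, when, and from where) from ordinary
Unix host logs, then place each record in the circular's retention tier.
All log lines below are constructed samples, not real telecom logs."""
from dataclasses import dataclass
from datetime import datetime, timezone
import re

# sudo's default syslog line carries who, when, the TTY and the command,
# but not where the session came from.
SUDO_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sudo: +(?P<user>\S+) : TTY=(?P<tty>\S+) ; "
    r"PWD=\S+ ; USER=(?P<as_user>\S+) ; COMMAND=(?P<cmd>.*)$")
# Login records (constructed, in the shape of `last -i` output) give the
# source address behind each TTY, which supplies "from where".
SESSION_RE = re.compile(
    r"^(?P<user>\S+) +(?P<tty>\S+) +(?P<src>\d+\.\d+\.\d+\.\d+) +(?P<host>\S+)$")

SAMPLE_SUDO = [  # constructed
    "2024-03-01T09:12:44+00:00 msc01 sudo: rmehta : TTY=pts/0 ; PWD=/home/rmehta ; "
    "USER=root ; COMMAND=/usr/sbin/service sshd restart",
    "2023-01-15T22:40:10+00:00 msc01 sudo: rmehta : TTY=pts/3 ; PWD=/ ; "
    "USER=root ; COMMAND=/usr/bin/vi /etc/sudoers",
    "2020-11-05T03:00:00+00:00 hlr02 sudo: netadmin : TTY=pts/1 ; PWD=/ ; "
    "USER=root ; COMMAND=/sbin/reboot",
    "2024-03-01T09:12:45+00:00 msc01 CRON[411]: (root) CMD (/usr/bin/logrotate)",
]
SAMPLE_SESSIONS = [  # constructed
    "rmehta   pts/0 10.20.30.40 msc01",
    "netadmin pts/1 192.168.5.9 hlr02",
]
REVIEW_DATE = datetime(2024, 4, 1, tzinfo=timezone.utc)  # assumed "now"


@dataclass(frozen=True)
class CommandRecord:
    when: datetime
    who: str        # the named person who gave the command
    ran_as: str     # the privileged identity it ran under
    command: str
    source: str     # "from where", or "unknown" when no login matched


def parse_records(sudo_lines, session_lines):
    """Join sudo entries to login origins on (user, tty, host)."""
    origin = {}
    for line in session_lines:
        m = SESSION_RE.match(line.strip())
        if m:
            origin[(m["user"], m["tty"], m["host"])] = m["src"]
    records = []
    for line in sudo_lines:
        m = SUDO_RE.match(line.strip())
        if not m:
            continue  # not a sudo command line (cron, sshd, ...)
        key = (m["user"], m["tty"], m["host"])
        records.append(CommandRecord(
            when=datetime.fromisoformat(m["ts"]), who=m["user"],
            ran_as=m["as_user"], command=m["cmd"],
            source=origin.get(key, "unknown")))
    return records


def months_between(earlier, later):
    """Whole calendar months elapsed from earlier to later."""
    months = (later.year - earlier.year) * 12 + later.month - earlier.month
    if later.day < earlier.day:
        months -= 1
    return months


def retention_tier(record, now=REVIEW_DATE):
    """12 months online, then 24 months non-online, then out of scope."""
    age = months_between(record.when, now)
    if age < 12:
        return "online"
    if age < 36:
        return "non-online"
    return "beyond-retention"


def audit_report(sudo_lines=SAMPLE_SUDO, session_lines=SAMPLE_SESSIONS,
                 now=REVIEW_DATE):
    """One row per command: when, who, ran as, command, from where, tier."""
    return [(r.when.isoformat(), r.who, r.ran_as, r.command, r.source,
             retention_tier(r, now))
            for r in parse_records(sudo_lines, session_lines)]


if __name__ == "__main__":
    for row in audit_report():
        print(" | ".join(row))
```

A record whose source stays "unknown" (a sudo entry with no matching login) is itself a finding: the host cannot answer "from where" for that command.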
Other Regulations
• RBI Guidelines on Technology Risks
• IT Act Notifications – April 2011
What are Privileged Accounts?

Elevated Personal Accounts (SUPM)
• Scope: personal accounts with elevated permissions
  – JSmith_admin
  – SUDO
• Used by: IT staff
• Used for: privileged operations; access to sensitive information

Shared Privileged Accounts (SAPM)
• Scope: highly powerful; difficult to control; usage is not ‘personalized’; pose devastating risk if misused
  – Administrator
  – UNIX root
  – Cisco Enable
  – Oracle SYS
  – Local Administrators
  – ERP admin
• Used by: IT staff, System Admins, Network Admins, DBAs, Help Desk etc., Developers, Legacy Apps
• Used for: emergency / fire-call; manage & monitor; disaster recovery; privileged operations; access to sensitive information

Application Accounts (AIM)
• Scope: hard-coded and embedded application IDs; service accounts
• Used by: applications, scripts, Windows services, scheduled tasks, batch jobs etc., developers
• Used for: online database access; batch processing; App-2-App communication
The Scope of the Problem...
“Most organizations have more privileged accounts than personal accounts” (Sally Hudson, IDC)
Typical use case - mid-size company IT profile:
• ~10,000 employees
• 8,000+ desktops/laptops
• 200 Windows servers
• 10 Windows domains
• 500 Unix/Linux servers
• 20 WebSphere/Weblogic/Jboss/Tomcat servers
• 100 Oracle/DB2/Sqlserver databases
• 50 Cisco/Juniper/Nortel routers and switches
• 20 firewalls
• 1,000 application accounts
• 150 Emergency and break-glass accounts
App2App Communication
• App2App interaction requires an authentication process
  – Calling application needs to send credentials to target application
• Common use cases
  – Applications and Scripts connecting to databases
  – 3rd Party Products accessing network resources
  – Job Scheduling
  – Application Server Connection Pools
  – Distributed Computing Centers
  – Application Encryption Key Management
  – ATM, Kiosks, etc.
Summary: Privileged Identity & Session Management
A comprehensive platform for isolating and preemptively protecting your datacenter – whether on premise or in the cloud
• Discover all privileged accounts across the datacenter
• Manage and secure every credential
• Enforce policies for usage
• Record and monitor privileged activities
• React and comply
• Integrate with IDAM
Controls Framework
Policies
• Privileged ID Management Policy & Procedures
  – Privileged ID allocation – the process and approval mechanism for it
  – Privileged ID periodic review – the procedure for this
  – Monitoring of privileged ID activities – mechanisms and procedures for logging and monitoring privileged IDs
  – Revocation of a privileged ID – what happens when an Administrator leaves the organization?
  – How are vendor-supplied user IDs managed?
  – Managing shared/generic privileged IDs
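The allocation, periodic review and revocation items above, and the audit question of whether a person's access to a privileged ID was properly approved, reduce to one reconciliation: who actually holds each privileged ID, versus HR status and the approval register. Below is an added example of that review (not from the deck or any product); the holder lists, HR feed, approval register, review date and 90-day re-approval interval are all constructed assumptions.

```python
"""Periodic privileged-ID review: reconcile who actually holds each
privileged ID against HR status and the approval register, producing the
revocations and re-approvals the policy calls for. All data and field
names below are constructed assumptions, not any product's schema."""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Approval:
    person: str
    privileged_id: str
    approved_by: str
    approved_on: date


@dataclass(frozen=True)
class Finding:
    person: str
    privileged_id: str
    issue: str


REVIEW_PERIOD = timedelta(days=90)      # assumed re-approval interval
REVIEW_DATE = date(2024, 4, 1)          # assumed date of this review

# Who holds which privileged ID, as pulled from the systems themselves
# (sudoers, the Domain Admins group, a network-admin ID). Constructed.
HOLDERS = {
    "root@unix-prod": {"rmehta", "asharma", "svc_backup"},
    "Domain Admins": {"rmehta", "jsmith"},
    "netAdmin": {"rmehta"},
}
HR_STATUS = {"rmehta": "active", "asharma": "left", "jsmith": "active",
             "ptan": "active"}       # constructed HR feed
APPROVALS = [                         # constructed approval register
    Approval("rmehta", "root@unix-prod", "cio", date(2024, 1, 10)),
    Approval("rmehta", "Domain Admins", "cio", date(2024, 2, 15)),
    Approval("jsmith", "Domain Admins", "it-head", date(2023, 6, 1)),
    Approval("ptan", "Domain Admins", "it-head", date(2024, 3, 1)),
]


def review_privileged_access(holders, hr_status, approvals,
                             today=REVIEW_DATE, period=REVIEW_PERIOD):
    """Return one Finding per holder or register entry that fails policy."""
    register = {(a.person, a.privileged_id): a for a in approvals}
    findings = []
    for pid, persons in sorted(holders.items()):
        for person in sorted(persons):
            status = hr_status.get(person)
            if status == "left":
                findings.append(Finding(person, pid, "revoke: leaver still holds access"))
                continue
            if status is None:  # no owner in HR: a shared/generic or service ID
                findings.append(Finding(person, pid, "revoke or assign owner: unknown to HR"))
                continue
            approval = register.get((person, pid))
            if approval is None:
                findings.append(Finding(person, pid, "no approval record"))
            elif today - approval.approved_on > period:
                findings.append(Finding(
                    person, pid, f"re-approval overdue (approved {approval.approved_on})"))
    # Register entries with no matching holder are stale and mislead auditors.
    for (person, pid), approval in register.items():
        if person not in holders.get(pid, set()):
            findings.append(Finding(person, pid, "approval on file but no access present"))
    return findings


def run_review():
    """Run the review over the constructed data above."""
    return review_privileged_access(HOLDERS, HR_STATUS, APPROVALS)


if __name__ == "__main__":
    for f in run_review():
        print(f"{f.privileged_id:16} {f.person:12} {f.issue}")
```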
Thank you!
Questions / Queries
K. K. MOOKHEY
kkmookhey@niiconsulting.com
NETWORK INTELLIGENCE INDIA PVT. LTD.
www.niiconsulting.com
