CISSP® Official Study Guide, Eighth Edition
Mike Chapple, James Michael Stewart, Darril Gibson, CISSP Official Study Guide (Sybex, 2018)

Account Review
Accounts should be reviewed periodically to ensure that security policies are being 
enforced. This includes ensuring that inactive accounts are disabled and employees do not 
have excessive privileges.
Many administrators use scripts to check for inactive accounts periodically. For example, a script can locate accounts that users have not logged onto in the past 30 days, and automatically disable them. Similarly, scripts can check group membership of privileged groups (such as administrator groups) and remove unauthorized accounts. Account review is often formalized in auditing procedures.
It’s important to guard against two problems related to access control: excessive privilege and creeping privileges. Excessive privilege occurs when users have more privileges than their assigned work tasks dictate. If a user account is discovered to have excessive privileges, the unnecessary privileges should be immediately revoked. Creeping privileges (sometimes called privilege creep) involve a user account accumulating privileges over time as job roles and assigned tasks change. This can occur because new tasks are added to a user’s job and additional privileges are added, but unneeded privileges are never removed. Creeping privileges result in excessive privilege.
Both of these situations violate the basic security principle of least privilege. The principle of least privilege ensures that subjects are granted only the privileges they need to perform their work tasks and job functions, but no more. Account reviews are effective at discovering these problems.
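The scripted review described above (inactive accounts, unauthorized privileged group members, and privileges beyond what a role needs) as an added example; this is not code from the study guide, and it runs over a constructed directory export rather than a live directory. The role names, group names, approval list and account names are all constructed; "elplaser" mirrors the printer-like account discussed in the sidebar.

```python
# Added example (not from the study guide): periodic account review over a
# constructed directory export. Roles, groups and account names are made up.
from dataclasses import dataclass
from datetime import date, timedelta

INACTIVE_DAYS = 30
PRIVILEGED_GROUPS = {"Domain Admins", "Server Admins"}
APPROVED_PRIVILEGED = {"jvenzor"}          # constructed approval list
ROLE_BASELINE = {                          # constructed role-to-group baseline
    "sysadmin": {"Domain Users", "Server Admins"},
    "warehouse": {"Domain Users", "Warehouse Ops"},
    "printer": {"Domain Users", "Print Operators"},
}

@dataclass
class Account:
    name: str
    role: str
    groups: set
    last_logon: "date | None"          # None: never logged on
    enabled: bool = True

def review_accounts(accounts, today):
    """Flag inactive accounts, unapproved privileged members, and groups beyond the role baseline."""
    cutoff = today - timedelta(days=INACTIVE_DAYS)
    inactive, unauthorized, excessive = [], [], {}
    for a in accounts:
        if not a.enabled:
            continue                       # already disabled
        if a.last_logon is None or a.last_logon < cutoff:
            inactive.append(a.name)
        if a.groups & PRIVILEGED_GROUPS and a.name not in APPROVED_PRIVILEGED:
            unauthorized.append(a.name)
        extra = a.groups - ROLE_BASELINE.get(a.role, set())   # excessive / creeping privilege
        if extra:
            excessive[a.name] = sorted(extra)
    return {"inactive": sorted(inactive),
            "unauthorized_privileged": sorted(unauthorized),
            "excessive": excessive}

def remediate(accounts, findings):
    """Disable inactive accounts and strip unapproved privileged membership; other extras go to a human reviewer."""
    for a in accounts:
        if a.name in findings["inactive"]:
            a.enabled = False
        if a.name in findings["unauthorized_privileged"]:
            a.groups -= PRIVILEGED_GROUPS
    return accounts

def sample_accounts(today):
    """Constructed export: an approved admin, a printer-like admin account, a role change, a never-used account."""
    return [Account("jvenzor", "sysadmin", {"Domain Users", "Server Admins"}, today - timedelta(1)),
            Account("elplaser", "printer", {"Domain Users", "Domain Admins"}, today - timedelta(2)),
            Account("mlopez", "warehouse", {"Domain Users", "Warehouse Ops", "Server Admins"}, today - timedelta(45)),
            Account("contractor1", "warehouse", {"Domain Users"}, None)]
```

Running `review_accounts` again after `remediate` should return no findings; anything still listed under "excessive" is a non-privileged group that needs a human decision.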
Dangers of Failing to Review Accounts
Lucchese Bootmaker, a boot-making company headquartered in Texas, learned firsthand of the dangers of not performing audit reviews. Joe Vito Venzor, a sys admin at the company, was notified that he was being fired at about 10:30 a.m. on September 1, 2016. It apparently took company employees about an hour to get him out of the building.
At about 11:30 a.m., authorities state that he used a previously created backdoor account to shut down the company’s email and application servers. The application servers managed the production line, warehouse, customer orders system, and warehouse activities. After three hours of downtime and no resolution in sight, management sent 300 employees home.
Other damage occurring at the same time included the deletion of core system files, preventing IT personnel from restoring the servers. Additionally, many staff account passwords were changed. Lucchese hired an outside contractor to help them recover and said it took them weeks to catch up with lost orders and production.
The backdoor account Venzor created was named “elplaser.” This looks like an office laser printer account. However, an office laser printer does not need the high-level administrator privileges required to cause so much damage. An account review can detect excessive privileges and may have prevented this attack.
Police arrested Venzor on October 7, 2016, and he pleaded guilty on March 30, 2017. He 
was sentenced to 1½ years in prison on July 19, 2017.