Least Privilege, Separation of Duties, and Rotation of Duties

[Computer Systems Security]

Permanent high-speed connectivity to the internet has brought enormous opportunities to organizations of all sizes. Unfortunately, a connection to any network, even a temporary one, increases the security risks associated with malicious software and attackers.

Users are generally unaware of how real these threats are, and most of them simply trust antivirus software and firewalls as solutions capable of providing enough protection. While these solutions do contribute to the overall security of both home and business computers, they are only effective as part of a defense-in-depth security strategy. When a user logs into a computer with administrative privileges, they can alter system-wide settings that affect all users of that computer. Such actions, whether they originate from human error (unintentional) or criminal intent (intentional), can block management software, disable firewalls and antivirus software, modify and destroy files on the computer or in file shares, format disks, and open or block communication ports, among other things, invalidating important policy settings designed to protect that device.

Programs that start under the user’s account have the same privileges as the user. The same is true for malware and viruses that are downloaded (from the internet, a file share, infected disks or thumb drives) and run under that account, compromising not only the user’s computer but also servers and other devices attached to the network. Now imagine how much damage a knowledgeable user with administrative privileges can do to an organization if he wants to. He may not necessarily want to bring down the company’s network or affect devices and services; instead he may steal intellectual property and assets, impersonate other users, and finally cover his tracks to avoid getting caught.

In such scenarios, the concepts of Least Privilege, Separation of Duties, and Rotation of Duties are invaluable tools for minimizing the security risks related to the power and trust given to employees.

Least Privilege

The Department of Defense's Trusted Computer System Evaluation Criteria (DoD 5200.28-STD), also known as the Orange Book, defines least privilege as a principle that “requires that each subject in a system be granted the most restrictive set of privileges (or lowest clearance) needed for the performance of authorized tasks. The application of this principle limits the damage that can result from accident, error, or unauthorized use.”

In a nutshell, the idea behind this concept is to grant users only the privileges necessary to perform their tasks. This means that users should not be allowed to do things that are not pertinent to their jobs, such as accessing the Internet at will, listening to their preferred music, or accessing photos from a compromised storage device.

This concept can be very effective if properly enforced: the risk posed by viruses, malicious software, human error, and unauthorized access can be greatly reduced. Still, it is necessary to educate users about the security threats and their consequences; otherwise opposition to this concept may arise and its implementation becomes almost impossible.

Separation of Duties

This principle addresses conflicts of interest and fraud by regulating and validating the amount of power held by users in an organization. Management controls are specified to block the use of power for personal profit, as well as collaboration among individuals for the same purpose, and to validate the correct execution of responsibilities.

Humans can and do make mistakes. They can do something incorrectly even with the best of intentions, and sometimes they may purposely perform incorrect actions. Audits are important to make sure that both users and systems are acting according to the company’s regulations. For example, Separation of Duties is applied between production and development environments to make sure that they interact as little as possible and that the installation or delivery of applications into production is reviewed by a group of individuals other than the development group.

When effectively planned and implemented, Separation of Duties minimizes the risk of human error and criminal actions against the company’s assets and ensures that each individual and system is correctly executing, and only executing, the tasks it is responsible for.
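To make the Least Privilege and Separation of Duties sections concrete, here is an added example (not from the original post) that models the production-deployment review described above: roles carry only the rights their holders need, a change may never be approved by its own requester or by anyone in the development group, and a user holding a conflicting pair of roles is flagged. The role names, permission strings, and users are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed role/permission model for this example (not from the page):
# each role carries only the rights its holder needs (least privilege).
ROLE_PERMISSIONS = {
    "developer": {"code:write", "deploy:request"},
    "release_manager": {"deploy:approve"},
    "auditor": {"log:read"},
}
# Role pairs one person must never hold together (separation of duties).
CONFLICTING_ROLES = {frozenset({"developer", "release_manager"})}

class PolicyError(Exception):
    """Raised when an action violates least privilege or separation of duties."""

@dataclass
class DeployRequest:
    change_id: str
    requested_by: str
    approvals: list = field(default_factory=list)

def has_permission(users, user, permission):
    """Least privilege: allowed only if one of the user's roles grants it explicitly."""
    return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in users.get(user, ()))

def role_conflicts(users):
    """List (user, conflicting role pair) for every toxic role combination found."""
    return [(u, tuple(sorted(pair))) for u, roles in users.items()
            for pair in CONFLICTING_ROLES if pair <= set(roles)]

def request_deploy(users, user, change_id):
    if not has_permission(users, user, "deploy:request"):
        raise PolicyError(f"{user} may not request a deployment")
    return DeployRequest(change_id, user)

def approve_deploy(users, req, approver):
    if not has_permission(users, approver, "deploy:approve"):
        raise PolicyError(f"{approver} may not approve deployments")
    # Separation of duties: the requester never approves their own change,
    # and the reviewer must sit outside the development group.
    if approver == req.requested_by:
        raise PolicyError("requester cannot approve their own change")
    if "developer" in users.get(approver, ()):
        raise PolicyError("approver must be outside the development group")
    req.approvals.append(approver)
    return req

def can_ship(req, required=1):
    """Ship only once enough distinct non-developer approvers have signed off."""
    return len(set(req.approvals)) >= required
```

Running `role_conflicts` over the user directory is the audit step the text calls for: it surfaces accounts that quietly accumulated both sides of a controlled transaction.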

Rotation of Duties

Rotation of Duties is closely related to the Separation of Duties concept and can be seen as an additional deterrent to fraud. Users’ responsibilities and tasks should be rotated periodically so that it becomes more and more difficult for users to collude to exercise complete control of any transaction for fraudulent purposes.

Also, the rotation of responsibilities allows for the exchange of experience and cross-training among employees, besides improving the depth of personnel skills and succession planning.

Conclusion

Organizations are constantly faced with internal and external threats in a world where the need to stay connected is an increasing addiction. Computer users, who are ever more familiar with the Internet but remain mostly unaware of its security risks, are entrusted with power and access to computers and networks in their work environment. Bad practices, human errors, and criminal acts are transforming employees into the biggest security threat to their organization’s computer systems.

In this posting, security principles were researched to address this situation. Among them were the concepts of Least Privilege, Separation of Duties, and Rotation of Duties.

Least Privilege mitigates the risks associated with administrative accounts by granting users only the rights necessary to carry out their jobs.

Separation of Duties addresses conflicts of interest, the appearance of them, and fraud by regulating and validating the amount of power held by users in an organization.

Rotation of Duties extends the principle of Separation of Duties as a means of identifying fraud by periodically rotating responsibilities among the individuals within an organization. It also promotes employees' personal growth by allowing for the diverse sharing of experiences and cross-training.

When combined and well implemented, these principles contribute to computer system security by specifying the individual tasks of each employee within an organization, the minimum privileges necessary to allow them to perform those tasks, and mechanisms of control and validation for such tasks, besides allowing for the employees' individual growth.

Works Cited

NIST (1996). Trusted Computer System Evaluation Criteria – The Orange Book. Retrieved July 8, 2011, from http://csrc.nist.gov/publications/history/dod85.pdf