TECHNOLOGY OPTIMIZATION
Gaining Visibility into Enterprise IT Security
By Yosef Beck and Jeff B.
The Importance of Monitoring for Enterprise IT Security Pitfalls
Enterprise IT security teams face enormous challenges
in securing their infrastructure environments.
Network architecture complexity, the volume of servers
and users, and simply finding available time
to audit existing systems are all obstacles to effective
security. Currently, there is no single, integrated tool
that will provide you with this ability.
There are many basic functions of IT systems, and
each one presents a unique challenge to both security
and visibility for the IT security team. In all of
these functions, the goal is to minimize the number
of people with access and monitor IT activities for
odd behavior. An example would be monitoring
system logs for remote access requests
by accounts that should have been deactivated. In
addition, wherever possible, do not include private
or sensitive information where anyone can easily
view it. Finally, if there is no other option, ensure
that information is encrypted before storing it in
a public location.
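
The log check described above, as an added example that is not part of the original article. It assumes a constructed CSV export of Windows logon events (4624 = successful logon, 4625 = failed logon, logon type 10 = remote interactive) and a hypothetical offboarding list; all account names, addresses and dates are made up.

```python
import csv
import io
from datetime import datetime

# Constructed offboarding list: account -> time it should have been deactivated.
DEACTIVATED = {
    "jdoe": datetime(2013, 9, 1, 17, 0),
    "svc_backup": datetime(2013, 8, 15, 0, 0),
}

# Constructed log export; the column layout is an assumption of this example.
SAMPLE_LOG = """time,event_id,logon_type,account,source_ip
2013-08-30T09:12:00,4624,10,CORP\\jdoe,198.51.100.7
2013-09-03T02:41:00,4624,10,CORP\\JDoe,203.0.113.50
2013-09-03T02:45:00,4625,10,svc_backup@corp.example,203.0.113.50
2013-09-04T08:00:00,4624,2,CORP\\jdoe,127.0.0.1
2013-09-04T08:05:00,4624,10,CORP\\asmith,198.51.100.9
"""

REMOTE_LOGON_TYPES = {"10"}                           # remote interactive
LOGON_EVENTS = {"4624": "success", "4625": "failure"}


def normalize(account):
    """Reduce DOMAIN\\user and user@domain to a lowercase user name."""
    account = account.strip().lower()
    if "\\" in account:
        account = account.split("\\", 1)[1]
    return account.split("@", 1)[0]


def find_stale_remote_access(log_text, deactivated):
    """Return remote logon attempts made at or after an account's cutoff."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        outcome = LOGON_EVENTS.get(row["event_id"])
        if outcome is None or row["logon_type"] not in REMOTE_LOGON_TYPES:
            continue  # not a logon event, or not a remote one
        user = normalize(row["account"])
        cutoff = deactivated.get(user)
        # Failed attempts count too: the article speaks of access *requests*.
        if cutoff and datetime.fromisoformat(row["time"]) >= cutoff:
            findings.append((row["time"], user, outcome, row["source_ip"]))
    return findings


if __name__ == "__main__":
    for finding in find_stale_remote_access(SAMPLE_LOG, DEACTIVATED):
        print("ALERT", *finding)
```

A successful hit means the account was never actually disabled; a failed hit means someone is still trying to use it.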
Over the course of dozens of projects, we have
observed that the following basic functions are
common pitfalls of corporate IT security, and
could benefit from applying the security best
practices listed above:
• Remote Access is the ability for an individual to
access a computer or network from another device.
Leaving remote access turned on without ensuring
the right people are accessing it is like leaving the
back door of your house open. Typically, users
having remote access are advanced users and it is
commonplace to see these same users with local
administrative privileges to the environment.
Know which individuals have remote access to
server assets to help secure a corporate network.
• Environmental Variables - Commonly used to
store information for applications in an operating
system or program, environmental variables are keys
FALL 2013
or value pairs that are typically stored unencrypted.
Their ubiquitous nature makes them a
logical choice as a place to store credentials for
applications to use. However, consider a situation
where a user’s login credentials are stored on a
server within environmental variables. If they are
unencrypted, any individual with access to that
server can see those environmental variables.
Storing them unencrypted is like leaving a pair
of keys on your doorstep for anyone to copy.
Make sure to encrypt all sensitive or private files.
• Open Database Connectivity (ODBC) Connections -
ODBC is a middleware application programming
interface (API) for accessing databases. Similar to
leaving a list of addresses out for anyone to read,
ODBC connections are created and stored on a
server for applications or processes to consume. Like
Environmental Variables, ODBC connections are
also typically stored unencrypted and may contain
user names, passwords and server information.
• The Windows Registry, unique to Microsoft
Windows, is used for many things, one of which
is storing application-specific information.
Server names, database names, and user credentials
may be stored in the registry. An individual with
permissions to a given machine’s registry could
gather a lot of information about a company’s
infrastructure with a cursory review of the data
stored within.
• XML configuration files, text files, and INI
(configuration) files, in addition to others, are used
to store server data and sometimes user credentials
in unencrypted text. Typically maintained in a
human-readable XML configuration file, this
information is easily available to anyone with
enough user permissions on the client machine.
• Databases by definition store information. This
information is commonly stored in tables or
files on company servers. A database having a