At the heart of the celebrated case of Edward Snowden lies one important fact: The infamous contractor gained access to the trove of documents that he ultimately leaked to journalists by escalating his access rights. And despite this very real poster boy having been in the news for the past several months, many enterprises haven’t done much to rein in, or even audit, the access rights they have in place.
In fact, far too many enterprises don’t know how many of their employees have administrative rights to their servers and systems. You’d think that post-Snowden, this would be a no-brainer and that your management would be all over you to lock down your networks. You’d be wrong.
In this report, end users attending a McAfee customer conference said that fewer than a third of them had actually made any alterations to their administrator rights policies since the NSA breach was publicized. What is worse, 80 percent couldn’t even say who had admin rights to their servers. That’s just downright wrong.
It isn’t as if privilege rights issues began and ended with Snowden’s caper. The issue has been around for literally decades, since the first local area networks were created. Remember the first versions of Windows NT? One of the early exploits was being able to reboot the server with a floppy disk and gain total access to its hard drive due to its poor rights management features.
This isn’t just a technical issue, either. From my own checkered employment history, I know that many of my ex-employers didn’t terminate my access rights for days, weeks, or months after my job ended. I’m sure many of you have similar stories. It’s sad how this basic security practice is ignored, especially when no fancy software or hardware is needed. Just vigilance.
The exploit of privilege escalation is such a popular one that the Open Web Application Security Project has put together a short code example and script that you can use to set up your own tests for Web servers. And as recently as this month, we saw stories about a similar problem with Windows XP that caused Microsoft to issue this security warning.
There are dozens of such warnings for most popular software applications, too, but this might be the final reason anyone needs to rid themselves of XP. One suggestion from McAfee is to use the transition to Windows 7 or 8 as a teaching moment for network IT managers and do a thorough audit and census of their privilege management policies.
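As an added example (not from the original article or from any vendor named in it), here is a small version of the audit and census suggested above: it cross-checks an export of admin group membership per server against an HR roster, so you can say who has admin rights and which of those accounts belong to people who have already left. The CSV column names, account names and dates are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed sample data; the column names are assumptions, not a real tool's export format.
ADMIN_EXPORT = """server,account,group
fs01,alice,Administrators
fs01,bob,Administrators
db01,bob,Administrators
db01,svc_backup,Administrators
db01,carol,Administrators
"""
HR_ROSTER = """account,status,end_date
alice,active,
bob,terminated,2013-11-01
carol,active,
"""

def audit_admin_rights(admin_csv, hr_csv, today):
    """Return (census, stale, unowned) for an admin-rights export."""
    roster = {r["account"]: r for r in csv.DictReader(io.StringIO(hr_csv))}
    census = defaultdict(set)   # server -> accounts holding admin rights
    stale = []                  # (server, account, days since employment ended)
    unowned = []                # (server, account) with no matching person in HR
    for row in csv.DictReader(io.StringIO(admin_csv)):
        server, account = row["server"], row["account"]
        census[server].add(account)
        person = roster.get(account)
        if person is None:
            unowned.append((server, account))
        elif person["status"] == "terminated":
            ended = date.fromisoformat(person["end_date"])
            stale.append((server, account, (today - ended).days))
    return dict(census), sorted(stale), sorted(unowned)

if __name__ == "__main__":
    census, stale, unowned = audit_admin_rights(ADMIN_EXPORT, HR_ROSTER, date(2013, 12, 1))
    for server, accounts in sorted(census.items()):
        print(f"{server}: {len(accounts)} admin accounts: {', '.join(sorted(accounts))}")
    for server, account, days in stale:
        print(f"STALE   {account} still admin on {server}, {days} days after leaving")
    for server, account in unowned:
        print(f"UNOWNED {account} on {server} has no owner in the HR roster")
```

Accounts flagged as unowned are typically service or shared accounts; they are not necessarily wrong, but each one needs a named person responsible for it before the census is complete.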
If you’re worried and want to do something about it right now, there are vendors who can help you track this information and lock down your admin rights. They include EPO from Avecto (the sponsor of the McAfee survey) and the Shell Control Box from Balabit. Such tools insert themselves into your networks and keep track of who has rights to the wrong places so you can keep things locked down.
But the first step is to admit that you don’t have any clue about what is going on with your network access rights — and then start being more attentive.