Whenever new computers and applications are deployed on a network, they can introduce unforeseen security risks. Shared and default privileged account passwords are introduced through deployment scripts, ghosted images, default appliance credentials and developer “back doors.”
I’ve been in the security software industry for many years and my company focuses on privileged identity management, so it kills me every time I get a call from a potential customer telling me that they suffered a breach because of a lack of common sense and need our help to get things back under control.
At my company we often say that “privileged identities hold the keys to the IT kingdom.” After all, an admin who knows his organization’s privileged account passwords can access systems with highly sensitive data, install or remove applications and files, and change configuration settings virtually anywhere on the network. And…
Can you identify the significant common factor in these attention-grabbing headlines? Thousands of secret diplomatic communications are stolen from the US government and posted onto WikiLeaks. A powerful computer worm (dubbed “Stuxnet”) invades isolated computer networks to wreak havoc with physical machinery that drives a foreign government’s nuclear programs. The…
Now we’ll explore solutions that some of the best-managed casinos have deployed to protect their most sensitive data and IT assets.
When it comes to handling insider security threats, casino industry IT professionals face challenges that set them apart from peers in other markets.
Not surprisingly, the research also identified the misuse of privileges as the top threat vector for the year. Even less of a surprise is the fact that database servers were the top target in terms of both the number of breaches (25%) and volume of records (92%).
Use of a password vault might keep the privileged identity problem out of sight from auditors, but it disguises the fact that the spreadsheets often contain never-changing passwords known to too many individuals inside and outside of IT.
Hackers, as part of their initial intrusion, will extract all of the passwords stored and used on the compromised machine, decrypt them at their leisure (see Rainbow Attack), and then come back into a company’s systems via the initially compromised machine and use these credentials to access virtually every system in the company. From there, the attacker can plant more collection software in a matter of minutes. This is known as the common administrator password flaw, and this is how the famous Conficker virus spread.
Default passwords for these powerful, out-of-band devices are seldom changed and widely published. [For example, Dell cards use the default password calvin.] This means that anyone with network access and malicious intent can log in and power down your datacenter hardware.