Security training is one of the easiest, and hardest, things for an enterprise to do.
First, it takes budget, and these days budget for something ‘soft’ like this can be hard to come by in any organization. Second, it can be hard to measure any return on the investment. This is a problem with security in general, but with an exercise like training, testing whether the training actually worked is difficult in itself, and it adds to the overall cost. Third, no matter how much training we give people, it never seems to stick. This is especially true with security, where we are often asking people to replace what they perceive as an efficient or simple way of doing something with a more secure practice that they perceive as a burden.
And after training, managers may expect that the problem is solved, when really it may not be. This leads to the first bit of advice:
Expectation does not replace inspection.
If we do not test for compliance, we cannot truly know whether we are compliant.
This is a great lesson for managing internal systems. Systems buried deep in our networks, providing critical operations and accessed only by an enterprise's trusted staff of administrators, are often assumed to be secure. The fact is, they are not inherently secure; they need to be secured. What these servers need to be protected against is a compromised account, a user or administrator who exceeds their authority, or a disgruntled user who deliberately abuses their privilege to access a system.
In the case of deliberate abuse, well, it is really very hard to stop. After all, someone has to have access in order to administer our servers, and we expect them to behave professionally and in the best interest of the enterprise.
And, there we go again, expecting something.
For Linux and Unix servers providing critical services it is not enough to expect the best. A privilege management tool that records privileged activity is essential: it gives us the record, and with it the ability to inspect what was actually done, rather than merely expecting it.
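To make "expectation does not replace inspection" concrete, here is an added example (not code from the original post or from FoxT) of the inspection step: it reads the records that sudo writes to syslog, compares them against a hypothetical per-administrator policy of expected commands, and reports where the record and the expectation disagree. The log lines, host name, user names and the POLICY table are all constructed for the example; the line format is the standard sudo syslog format, and the parser skips anything that is not a sudo command record.

```python
import re
from collections import Counter

# Constructed sample sudo log lines (standard sudo syslog format); not real logs.
SAMPLE_LOG = """\
Mar  3 10:15:01 db01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart postgresql
Mar  3 10:15:01 db01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by alice(uid=1000)
Mar  3 10:16:44 db01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Mar  3 10:20:13 db01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/tail -n 100 /var/log/postgresql/postgresql.log
Mar  3 10:21:05 db01 sudo:      bob : command not allowed ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
Mar  3 10:23:50 db01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/sbin/useradd deploy
Mar  3 10:25:30 db01 sudo:    carol : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/id
"""

# One sudo command record. The optional "reason" field is present only when sudo refused
# the request (e.g. "command not allowed", "user NOT in sudoers").
SUDO_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+"
    r"(?P<user>\S+) : (?:(?P<reason>[^;]+?) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Interactive shells: once one is started under sudo, sudo's command log records nothing
# further, so the "record and inspect" property is lost unless session recording (sudo's
# I/O logging or a privilege-management tool) is in place. Worth flagging on its own.
SHELLS = {"/bin/sh", "/bin/bash", "/usr/bin/bash", "/bin/zsh", "/usr/bin/zsh", "/bin/dash"}

# Hypothetical policy (constructed for the example): the executables each administrator is
# expected to run as root. Anything else that actually ran is a finding.
POLICY = {
    "alice": {"/usr/bin/systemctl"},
    "bob": {"/usr/bin/tail"},
}


def parse_sudo_log(text):
    """Return one dict per sudo command record; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = SUDO_LINE.match(line)
        if not m:
            continue  # pam_unix session lines and other noise
        ev = m.groupdict()
        parts = ev["cmd"].split()
        ev["executable"] = parts[0] if parts else ""
        events.append(ev)
    return events


def audit(text, policy, shells=SHELLS):
    """Compare what the log records against what the policy expects."""
    findings = []
    for ev in parse_sudo_log(text):
        user, exe = ev["user"], ev["executable"]
        if ev["reason"]:
            # sudo refused; nothing ran, but the attempt itself is worth recording
            findings.append({"user": user, "kind": "denied", "command": ev["cmd"],
                             "detail": ev["reason"]})
        elif exe in shells:
            findings.append({"user": user, "kind": "shell", "command": ev["cmd"],
                             "detail": "interactive root shell; later activity unrecorded by sudo"})
        elif exe not in policy.get(user, set()):
            findings.append({"user": user, "kind": "outside_policy", "command": ev["cmd"],
                             "detail": "executed as %s but not in expected command set" % ev["target"]})
    return findings


def summarize(findings):
    """Count findings by kind, e.g. for a daily compliance report."""
    return Counter(f["kind"] for f in findings)


if __name__ == "__main__":
    results = audit(SAMPLE_LOG, POLICY)
    for f in results:
        print("%-15s %-8s %-45s %s" % (f["kind"], f["user"], f["command"], f["detail"]))
    print(dict(summarize(results)))
```

On the sample log this reports one interactive root shell (alice), one command outside bob's expected set, and two refused attempts; the policy check only proves what the log proves, which is the point: a tool that can record privileged sessions in full, not just the command that launched them, is what closes the gap the "shell" finding exposes.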
There is a growing trend in enterprises to recognize that administrative access to servers needs to be managed, protected and recorded. BoKS ServerControl provides the ability to manage the who, how and what of Linux and Unix access, combining account management, access control, and privilege enforcement and monitoring.
FoxT Access Management & Governance solutions complement your existing technologies by adding granular control and enforcement of authentication and authorization policies for both privileged and end users. www.foxt.com/boks