Best Practices for Securing Privileged

Accounts Steven Ringelberg

Chief Operating Officer

go2vanguard.com

About Vanguard

Founded: 1986

Business: Cybersecurity experts for large enterprises

Provide software, professional services, and training

Customers: 1,000+ worldwide

More than 20 distributors and resellers serving 50+ countries worldwide

Data Breaches

• Number of breaches and

outside attacks increasing

• Continuing insider problem

- malicious or by accident

“Passing Audits” is no solution.

Target Corporation: One of the Largest

Retailers in the United States

“Target was certified as meeting the standard

for payment card industry (PCI DSS) in

September 2013. Nonetheless, we suffered a

data breach…”

now ex-chairman, ex-president, and ex-CEO of Target

Corporation, Gregg Steinhafel (http://buswk.co/1lT9j0X)

Data Breaches - US

• Ebay

• Google

• Target

• Home Depot

• Sony

• Anthem Health Insurance

Data Breaches

Logica and Nordea Bank:

Mainframes Breached April 2013

Sophisticated Criminal Enterprises

Hacktivists/Terrorists

Governments

Who is attacking you?

Data Breaches: The Fundamental

Step.

Mandiant: 2014 Data Breach Report 100% of breaches examined included an exploitation of a user id and password that was compromised.

What is our goal?

Perfect Security?

Better Security?

Good Enough Security?

Security

Best Practices

1. Least Privileged Access. 2. “Lock out” privileged users. 3. Multi-Factor Authentication 4. Active Real Time Alerts.

Least Privileged Access.

If you do not need access you do not get access. Basic Issues:

a. Enterprises have to know who has access to what resources.

b. Regular Review and “re-certification.

Lock Out Privileged Users.

Everyone with high degree of privilege (sysprogs, security administrators, etc.) is like a locksmith: they can make a key to unlock any door/access any resource. Basic Step: Implement an automated tool to prevent privileged users from making their own key/granting themselves access.

– Multifactor Authentication: a method of

requiring factors from three categories

• Knowledge Factors

• Possession Factors

• Inherence Factors

Multifactor Authentication

• Two-Factor Authentication

• Two-Step Verification

• Strong Authentication

Multifactor Authentication

• Knowledge Factors

- Password

- PIN number

- Mother’s maiden name

- Favorite potato chip

Multifactor Authentication

• Disconnected (RSA, ActivID, etc.) - Sequence-based tokens – singular button, multiple

depresses

- Time-based tokens – change every ‘x’ seconds typically

• Mobile phones – soft token or SMS one-time password

• Connected – Magnetic strip – ATM card, etc.

– Contacts – Smartcard, EMV credit cards,

– USB – zPDT key, RSA SecureID800,

– Wireless – RFID, Bluetooth, Proximity

– Other – Audio Port, iButtons, etc,

Possession Factors

• Fingerprint

• Hand topography

• Eye (iris)

Inherence Factors

When a critical or sensitive resource is

accessed, an automated message should

be sent to one or more people so they can

investigate and approve or remediate.

Active Alerts

What is our goal?

Perfect Security?

Better Security?

Good Enough Security?

Exposure Issues

Vanguard

Least Privileged • Vanguard Administrator • Vanguard Analyzer

Lock Out • Vanguard Configuration Manager.

• Vanguard Policy Manager.

Multi Factor • Physical tokens • Smartcards aka PIV or CAC cards • Software-based virtual tokens

Alerts • Vanguard Active Alerts • Vanguard Enforcer Vanguard Advisor

Questions?

35

For More Information: Call 800-794-0014

or Email info@go2vanguard.com

Grazie

Japanese

Thank You English

Merci French

Russian

Danke German

Italian

Gracias Spanish

Obrigado Brazilian Portuguese

Arabic

Simplified Chinese

Traditional Chinese Hindi

Thai

Korean