(Of course, doodies need to be separated, too, but that’s a topic for another time on my motherhood blog.)
Why do we want to separate duties? Because it stops a single rogue user from being able to both steal data AND cover his tracks by doctoring the logs afterward (kind of like why you want one person in a company to write the check and another person to sign it, or why you don’t want your accountant to also be your auditor). Right.
How do you properly set up separation of duties? By following these rules:
- A “Root” or “super-user” account is allowed complete access to the system or network. (So anyone logged on to this account has unlimited power that can be used for good or for evil?) Exactly. And because some people are evil, the password for this account should be locked away, stored offline (say, in a sealed envelope in a safe), and never used except in a dire emergency. When it is used, that use should be logged, the password changed afterward, and the episode reviewed by someone other than the person who used it.
- Since the “super-user” account is all-powerful, it is a juicy target for hackers. To limit the damage if it is ever compromised, the “super-user” account should be prevented from changing the password of any other account and should not be able to log on as any other account either. Further, it should have no access to the security subsystem at all. (Note that this is only enforceable on systems where the security subsystem, rather than the super-user, has the final say over access; on a plain Unix box, root can simply switch the controls off.)
- One or more security administrator accounts should be created, each with specific, limited authority, and each assigned to a separate individual, as follows:
  - The administrator who can create, roll, and alter security logs has no other system access.
  - The administrator who can modify security subsystem settings cannot access the logs, nor modify user settings.
  - The administrator who can modify user security settings cannot alter the security subsystem nor access the logs.
(So you’re saying that a company has to hire three full-time employees just to have a proper separation of duties? Seems like a lot of dough to spend.) Well, yes. No one ever said security was going to be cheap. But weigh that cost against the possible losses from theft of company secrets or improper disclosure of company confidential information.
(But this doesn’t prevent the employees from going into cahoots and stealing data together.) That’s called “collusion.” And no, separating duties does not prevent it. However, the chances of two or more employees getting together to perform criminal acts are much lower than those of a lone wolf acting on his/her own.
Similarly, system, backup, and application accounts should also all be separated.
- The administrator who can back up and restore files and databases should not be able to read or write them.
- The administrator who can start and stop applications and databases should not be able to access them.
- Applications and databases should be owned by “frozen” accounts, that is, accounts nobody can log on to. This prevents anyone from logging on as the owner and inheriting full access to the application or database.
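Here is one way to check a proposed account layout against all of these rules (the security-administrator split above and the system, backup, and application split just described) before you hand out the passwords. This is an added example, not code from the original post or from any particular product; the privilege names, the account fields, and the sample accounts are all made up for the illustration, so map them onto whatever your own security subsystem calls its rights.

```python
"""Separation-of-duties audit for a proposed set of accounts.

Each account is a dict: name, the person it is assigned to (None for
accounts nobody logs on to), its privileges, and optional flags.
Privilege labels and account fields are invented for this example.
"""
from itertools import combinations

MANAGE_LOGS = "manage_security_logs"           # create, roll and alter security logs
MODIFY_SECURITY = "modify_security_subsystem"  # change security subsystem settings
MODIFY_USERS = "modify_user_security"          # change user security settings
BACKUP_RESTORE = "backup_restore_data"
READ_WRITE_DATA = "read_write_data"
START_STOP_APPS = "start_stop_applications"
ACCESS_APPS = "access_applications"
CHANGE_OTHER_PASSWORDS = "change_other_passwords"
LOGON_AS_OTHER = "logon_as_other_account"
ALL_ACCESS = "unrestricted_system_access"      # what the super-user has

SECURITY_SUBSYSTEM = {MANAGE_LOGS, MODIFY_SECURITY, MODIFY_USERS}

# Toxic pairs: two duties that must never sit on the same account.
CONFLICTS = [
    (MANAGE_LOGS, MODIFY_SECURITY),
    (MANAGE_LOGS, MODIFY_USERS),
    (MODIFY_SECURITY, MODIFY_USERS),
    (BACKUP_RESTORE, READ_WRITE_DATA),
    (START_STOP_APPS, ACCESS_APPS),
]

# Rights the super-user must never hold, even though it has everything else.
SUPER_FORBIDDEN = {CHANGE_OTHER_PASSWORDS, LOGON_AS_OTHER} | SECURITY_SUBSYSTEM


def check_account(acct):
    """Return the violations found on one account (empty list if clean)."""
    name, privs = acct["name"], set(acct["privs"])
    findings = []
    for a, b in CONFLICTS:
        if a in privs and b in privs:
            findings.append(f"{name}: holds conflicting duties {a} and {b}")
    # The log administrator has no other system access at all.
    extra = privs - {MANAGE_LOGS}
    if MANAGE_LOGS in privs and extra:
        findings.append(f"{name}: log administrator also holds {sorted(extra)}")
    if acct.get("superuser"):
        for p in sorted(SUPER_FORBIDDEN & privs):
            findings.append(f"{name}: super-user must not hold {p}")
    # Whatever owns an application or database must be frozen (no logon).
    if acct.get("owns") and not acct.get("frozen"):
        findings.append(f"{name}: owns {acct['owns']} but is not frozen")
    return findings


def check_assignment(accounts):
    """Cross-account rule: each security-admin account goes to a different person."""
    admins = [a for a in accounts if set(a["privs"]) & SECURITY_SUBSYSTEM]
    findings = []
    for x, y in combinations(admins, 2):
        if x["person"] is not None and x["person"] == y["person"]:
            findings.append(f"{x['person']}: assigned both {x['name']} and {y['name']}")
    return findings


def audit(accounts):
    """All violations across the proposed layout."""
    findings = []
    for acct in accounts:
        findings.extend(check_account(acct))
    findings.extend(check_assignment(accounts))
    return findings


# Constructed sample: the layout the post describes, one person per admin account.
COMPLIANT = [
    {"name": "SUPER", "person": None, "superuser": True, "privs": [ALL_ACCESS]},
    {"name": "LOGADMIN", "person": "alice", "privs": [MANAGE_LOGS]},
    {"name": "SECADMIN", "person": "bob", "privs": [MODIFY_SECURITY]},
    {"name": "USERADMIN", "person": "carol", "privs": [MODIFY_USERS]},
    {"name": "BACKUP", "person": "dave", "privs": [BACKUP_RESTORE]},
    {"name": "OPERATOR", "person": "erin", "privs": [START_STOP_APPS]},
    {"name": "PAYROLL", "person": None, "frozen": True, "owns": ["payroll-db"],
     "privs": [READ_WRITE_DATA, ACCESS_APPS]},
]

# Constructed sample: the same shop after five "just this once" shortcuts.
SHORTCUTS = [
    {"name": "SUPER", "person": None, "superuser": True,
     "privs": [ALL_ACCESS, CHANGE_OTHER_PASSWORDS]},
    {"name": "LOGADMIN", "person": "alice", "privs": [MANAGE_LOGS]},
    {"name": "SECADMIN", "person": "alice", "privs": [MODIFY_SECURITY, MODIFY_USERS]},
    {"name": "BACKUP", "person": "dave", "privs": [BACKUP_RESTORE, READ_WRITE_DATA]},
    {"name": "PAYROLL", "person": None, "frozen": False, "owns": ["payroll-db"],
     "privs": [READ_WRITE_DATA, ACCESS_APPS]},
]

if __name__ == "__main__":
    for label, layout in (("compliant", COMPLIANT), ("shortcuts", SHORTCUTS)):
        print(f"{label}: {len(audit(layout))} finding(s)")
        for finding in audit(layout):
            print("  -", finding)
```

Run it and the compliant layout comes back clean, while the shortcut layout produces one finding per shortcut: the super-user holding a password-change right, one person holding two admin accounts, two accounts with toxic duty pairs, and an application owner that can still log on. The per-account rules and the cross-account rule are kept separate on purpose; the "separate individual" requirement can only be checked by looking at who holds which accounts, which a per-account permission review never sees.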
By wisely separating duties, encrypting your files and databases, and restricting them to specific users and computers, you create an environment with much more defense in depth for your critical applications and data. These settings make an attacker’s job much harder, because he can’t simply log in to the accounts that own the applications and databases.
And to increase the overall security of your encryption, ask if FIPS 140-2 Level 3 validated hardware is used to 1) generate and store the encryption keys, and 2) encrypt and decrypt the data you are trying to protect. (Say what? Come again?). Don’t worry, this will be the topic of our next post.