Cyber Essentials #4 – Who accesses what?


In the past, IT resource access protection could not take the environment into account. The walled castle model was popular: you could only get in through one entrance, after thorough inspection. Today we talk about the airport model, in which different users use the environment to different extents and from different locations. The access you grant employees, managers and customers to the digital environment requires restrictions similar to those in the physical work environment.

Managing access rights and establishing operational procedures requires knowing who is working in your infrastructure and with what level of authorization and responsibility. Managing users and access is a complex operation and there is no one-size-fits-all solution. It is general good practice to use the “least privilege” approach and a staged approach.

  1. Find out who is on your network.
  • Do you know who has access to your network? Do they have the proper permissions? How do they access your network and through which entry points? At this point it is worth asking, on the basis of article 3: do you have the appropriate systems and procedures to gain such visibility?
  • Create an inventory of connected devices to track who and what is on your network (e.g. computers, smartphones, printers, routers). Use technology: either the device inventory functions built into your MDM, CASB or Web Security solutions, or dedicated software. Manual tracking is impossible.
  • Monitor and analyze user activities for unusual behaviors, such as access attempts outside of working hours, large data transfers, or access from unusual locations. Currently, the group of User Activity Monitoring solutions is gaining popularity, providing the context for “classic” security solutions.
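
The three unusual behaviors named above (access outside working hours, large data transfers, access from unusual locations) can be checked against a per-user baseline. The following is an added example, not part of the original article; the event format, thresholds, user names and the privileged set are assumptions, and alerts for privileged users are listed first, in line with the staged approach.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample events (not real data): time, user, country, bytes sent.
EVENTS = [
    ("2024-03-04T09:12:00", "anna",  "PL", 120_000),
    ("2024-03-04T14:40:00", "anna",  "PL", 300_000),
    ("2024-03-05T10:05:00", "anna",  "PL", 250_000),
    ("2024-03-05T02:31:00", "anna",  "PL", 90_000),
    ("2024-03-04T11:00:00", "admin", "PL", 500_000),
    ("2024-03-05T11:20:00", "admin", "BR", 400_000),
    ("2024-03-05T15:45:00", "admin", "PL", 900_000_000),
]

WORK_START, WORK_END = 7, 19           # assumed working hours (local time)
TRANSFER_FACTOR = 20                   # assumed: flag > 20x the user's median
BASELINE_END = "2024-03-05T00:00:00"   # earlier events form the baseline
PRIVILEGED = {"admin"}                 # assumed highest-risk group

def detect(events, baseline_end=BASELINE_END):
    """Return (time, user, reasons) alerts, privileged users first."""
    countries, sizes = defaultdict(set), defaultdict(list)
    for ts, user, country, sent in events:
        if ts < baseline_end:          # ISO timestamps compare as strings
            countries[user].add(country)
            sizes[user].append(sent)

    alerts = []
    for ts, user, country, sent in events:
        if ts < baseline_end:
            continue
        reasons = []
        if not WORK_START <= datetime.fromisoformat(ts).hour < WORK_END:
            reasons.append("outside_working_hours")
        # A user with no baseline has no known countries and is flagged too.
        if country not in countries[user]:
            reasons.append("unusual_location")
        if sizes[user] and sent > TRANSFER_FACTOR * median(sizes[user]):
            reasons.append("large_transfer")
        if reasons:
            alerts.append((ts, user, reasons))
    # Prioritize the highest-risk group, then order by time.
    return sorted(alerts, key=lambda a: (a[1] not in PRIVILEGED, a[0]))

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```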

  2. Take advantage of multi-factor authentication for all users. Strong access protection involves at least two of three factors: what you know, what you have, and what you are.
  • Something you know – knowledge known only to the user, such as passwords or personal identification numbers (PINs).
  • Something you have – for example a security identifier or an SMS text message with a code.
  • Something you are – fingerprints, voice, retina/iris or FaceID.

Remember – start with privileged, administrative, or remote access users.

  3. Grant access and administrator rights based on need to know and least privilege. Restrict user access to only essential information, networks, hardware, and applications. Ask yourself: is this level of access necessary for the user to properly perform their function?
  4. Develop IT policies/procedures to account for changes in user status.
  • Implement policies, processes, and technologies to ensure that only authorized users receive the minimum required permissions.
  • Identify and deactivate unused accounts, eliminate shared accounts, remove unnecessary privileges, and enforce strong password policies.

Termination, separation, or even a transfer to another department in the organization requires your knowledge and re-authorization of the user.
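
A periodic account review can combine the checks above: unused accounts, shared accounts, and accounts whose owner has left or changed department since the last review. This is an added example, not part of the original article; the HR and directory record formats, the names and the 90-day idle threshold are assumptions.

```python
from datetime import date

TODAY = date(2024, 6, 1)     # fixed so the example is reproducible
MAX_IDLE_DAYS = 90           # assumed threshold for an "unused" account

# Constructed HR records: person -> (status, current department).
HR = {
    "anna":  ("active", "finance"),
    "marek": ("active", "sales"),        # transferred from IT to sales
    "ewa":   ("terminated", "it"),
}

# Constructed directory export; "reviewed_dept" is the owner's department
# at the time access was last authorized.
ACCOUNTS = [
    {"name": "anna", "owners": ["anna"],
     "last_login": date(2024, 5, 30), "reviewed_dept": "finance"},
    {"name": "marek-adm", "owners": ["marek"],
     "last_login": date(2024, 5, 28), "reviewed_dept": "it"},
    {"name": "ewa", "owners": ["ewa"],
     "last_login": date(2024, 4, 2), "reviewed_dept": "it"},
    {"name": "helpdesk", "owners": ["anna", "marek"],
     "last_login": date(2024, 5, 31), "reviewed_dept": "it"},
    {"name": "scanner", "owners": ["anna"],
     "last_login": date(2023, 11, 1), "reviewed_dept": "finance"},
]

def audit(accounts, hr, today=TODAY):
    """Map account name -> list of issues that need action."""
    findings = {}
    for acc in accounts:
        issues = []
        owners = acc["owners"]
        if len(owners) != 1:             # no single accountable person
            issues.append("shared_account")
        if (today - acc["last_login"]).days > MAX_IDLE_DAYS:
            issues.append("unused")
        for owner in owners:
            status, dept = hr.get(owner, ("unknown", None))
            if status != "active":
                issues.append("owner_not_active")
            elif len(owners) == 1 and dept != acc["reviewed_dept"]:
                issues.append("reauthorize_after_transfer")
        if issues:
            findings[acc["name"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit(ACCOUNTS, HR).items():
        print(name, issues)
```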

  5. Use unique passwords for all user accounts and implement such a policy. Many cyber attacks happen because of weak and easy-to-guess passwords, so all passwords should be strong and unique, such as a sentence with numbers and special characters.
  • Choose a password pattern or template that can be applied to different accounts. A personal pattern or template allows you to use different passwords for each account, while making it easy for the user to remember. For example: quotations from books or poems, or Roman maxims. Of course, with numbers and special characters.
  • Whenever possible, consider mechanisms stronger than password authentication, such as biometrics, one-time passwords, and tokens for the most sensitive applications and functions.

In practice, specifying the highest risk group – usually system administrators – allows analysts to reduce the psychological burden associated with incident management. After all, the unknown devil is the worst. Gradual access management allows you to:

  • Prioritize users and access.
  • Capture behavioral trends for individual groups and use them to further populate security policies and optimize them through feedback.
  • Ultimately – provide the level of security deemed desirable in the organization.

Naturally, it is difficult to achieve this with policies alone – the functions of real-time device recognition, Multi-Factor Authentication or Single Sign-On are elements of the entire solution that must be implemented. Feel free to contact us to know more.
