The Support Security Bubble – Government Security News
“OPINION: The Support Security Bubble”
If there is anything we should have learned from the economic debacle of the last two years, it is that the status quo is not safe. And yet we continue building upon it until right past the point of collapse. It has happened time and again in our markets, and it is happening in IT support as we speak.
For many years, IT support in both the public and private sectors has been concerned with securing others; making sure that each new employee is properly locked down and firewalled. However, little attention has been given to securing IT support itself, and in particular, securing the essential tools of the support trade: remote access and remote control.
Without these tools, many federal agencies would grind to a halt, no longer able to leverage a limited support staff across a distributed user base. And yet when the Verizon Business RISK team investigated over 500 actual data breaches between 2003 and 2007, they found that, “In over 40 percent of the breaches investigated during this study, an attacker gained unauthorized access to the victim via one of the many types of remote access and control software.”
Verizon went on to say: “IT administrators were responsible for more data compromises than any other insider role.”
It needn’t take a catastrophic security breach to pop our perception of safety. As with other bubbles, a return to the fundamentals offers a way out before the inevitable burst. An April 2009 report by Gartner, entitled PC Remote Control Security: Risks and Recommendations, offers a few practical but rarely practiced recommendations:
“Include at least one additional user authentication challenge to strengthen remote control access against attacks.”
“Block forbidden PC remote control tools using group policy objects or application control tools.”
“Build a list of unsupported remote control tools, and add them to scans for inventory, vulnerability and intrusions.”
“Do not select tools that rely on a publicly accessible directory system; instead, bring the directory system in-house.”
Perhaps the most important recommendation Gartner makes, however, doesn’t seem to relate directly to security: “Create a strategic vision for the use of remote control.”
A strategy, though, is vital if you hope to deflate the bubble gradually, rather than let the irrational exuberance of the status quo lure you one small step past the bursting point.