Effective Interactive Privileged Access Review
Author: Ramaseshan转向开始涉足, CISM, ITIL Foundation, ITIL Service Operation Specialist
Published: 14 September 2018

Most organizations would agree that it is a good practice, although not an easy one, to establish rules relating to the amount and type of access to provide to particular job roles. Access control is a key element in protecting an organization's information. It requires focused analysis to identify all the activities a role may need to undertake to perform its function and what information or applications the role may need to do the job thoroughly and well. Life would be much simpler if, after investing the time and effort to define roles and the associated access rules, nothing ever changed and no exceptions were needed.

But life rarely cooperates. Occasionally, certain individuals must be given privileged access to certain tools or information to accomplish a specific, discrete purpose: some aspect of their role that is not on the ordinary task list. Organizations may need to assign privileged access to take advantage of an unexpected opportunity or to address a hitherto unknown threat; it is part of doing business in a digital world. However, great care must be taken in understanding the legitimate reasons for assigning privileged access, assigning it in a controlled manner, and overseeing its ongoing use and termination to ensure that the privilege is not abused. This article covers the broad aspects of the importance of interactive privileged access review; how it should be done, including some tips on the frequency of access reviews; and the expected outcomes as benefits. It does not, however, cover the entire scope of log review from end to end.

What Is Privileged Access?

As the word "privileged" indicates, this is special-purpose access with higher requirements than ordinary access. Some examples of privileged access roles include administrator, root or superuser. People assigned these roles can do much more than ordinary users or end users, for example, grant or revoke access, change access levels and reset credentials.

Providing privileged access must be aligned with the least privileged access needed to perform a defined job role or on a need-to-know basis. A document outlining separation of duties should be kept as a reference for who should have what access and to ensure no conflict of access or roles.

Privileged access must be provided based on demonstration of a legitimate business need and the advance approval of access by the data asset owner or an authorized delegate (figure 1, column 1.0).

In general, there are two modes of privileged access:

  • Through the graphical user interface (GUI; user interface screens) at the front end, typically used for application access management
  • Through the back end (also known as interactive access), typically used by IT support professionals or IT professionals in general as part of their assigned application support role. In the event of an application outage or problem, the people assigned this role need this access to perform the required remediation work and recover from the business or application failure. Some examples of this remediation work include changes/updates to code (bug fixes), changes/updates to data, and configuration corrections/updates.

Examples of Interactive Privileged Access

Examples of interactive privileged access include a Unix ID for shell script updates in the production region, Job Control Language (JCL) access on the mainframe for job submission/resubmission in production, interactive access to job schedulers (such as CA7 or AutoSys), and back-end production database updates as part of operations support needs.

Potential Risks

While privileged access benefits the organization by helping it recover effectively from a production outage as part of "running and protecting" the business, it also carries inherent risk.

Even when the person accessing is authorized, that person may make mistakes, for example, incorrectly updating data or shutting down an application, which can affect the business and cause production loss and/or financial loss. The organization could also lose its reputation in the market or be perceived as weak in protecting its own competitive advantage. Customers' data privacy may be compromised, for example, through the loss of personally identifiable information (PII) or, in some cases, sensitive personally identifiable information (SPII). The organization may end up paying hefty fines under various governmental regulations while losing customers' confidence and brand image.

It has been reported that more than half of cybercrimes or cyberattacks happen due to the weakest link in the chain: internal employees whose credentials are either intentionally (for personal gain or other illegal reasons) or unintentionally (phishing or malware) compromised.

One way of protecting privileged access is privileged user access management (PUAM).

Any need for privileged access to the production area should be addressed through the workflow for requesting privileged access credentials, with proper approval processes (figure 1, column 2.0).

Privileged account credentials should be stored in a common password vault with static or dynamic password reset capability.

How to Monitor

Interactive privileged access for IT personnel must be monitored, and their activities should be audited in an appropriate and timely manner to ensure the effectiveness of the control (figure 1, column 3.0).

It must be done in such a way that any unauthorized access can be detected as quickly as possible and can also give some indication of the size of the impact. Ultimately, management must have some understanding of critical access and operations. This can include answers to two broad questions:

  1. Who needs this interactive privileged access?
  2. Who uses interactive privileged access, and for what reason?

Logging Mechanism and Protecting Log Integrity

When configuring logging, appropriate standards should be set and applied. Great care should be taken to set the logs to read-only, with appropriate archiving settings. Proper archiving is highly recommended to ensure that the size of the log file does not impact the performance of the operating system. Important logs can also be stored at a backup location in case of specific legal retention requirements.

Frequency of Log Review

The frequency of log reviews should be directly proportional to the frequency of interactive access and the criticality of the asset. Ideally, if a log review finds any issue, it should be found as close as possible to the origin of the event, which helps with recovering from it.

Flagging vulnerable and non-vulnerable commands is a good practice when performing log review.

Vulnerable commands can be defined as those such as data copying, data edit/manipulation or deletion. Viewing data, if performed by authorized personnel, is a non-vulnerable command. Therefore, when performing log review, it is necessary to focus on the vulnerable commands (figure 2).

During the review, the log dump is obtained from the respective server team. The team member then parses the log file into structured line items (probably in an Excel spreadsheet), listing one command per line together with the checkout time of the ID, who checked it out, and the reference ticket number under which access was obtained (figure 2). The team lead then reviews the log for appropriateness. Once the lead is convinced that the privileged access activities were in line with expectations, he or she forwards the review result to the supervisor for approval. The supervisor then provides approval (figure 1, column 3.0). If an anomaly is found, the supervisor must use his or her judgment and consult with the security compliance team for further corrective actions. If there are explanatory notes, as in figure 2, they should be addressed by fixing the gap and monitoring for consistency of adoption as part of maintenance.

Example of Improvement

Sometimes, support analysts may push back, saying that unrestricted back-end interactive access is required as part of operations support simplification. Proper care should be taken to separate read-only privileges from other high-level privileges such as edit, update, delete or execute. While activities performed through read-only access can be reviewed quickly, as long as they were performed by authorized service personnel, other commands such as update, delete or copy need careful checking against the specific ticket reference. This prioritizes the log review effectively and reduces the risk accrued from previously unrestricted back-end privileged ID access.
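The review procedure above (parse the log dump into one command per line, attach the ID checkout and ticket reference, and flag vulnerable versus read-only commands) as an added Python example; it is not the author's tool, and the log format, the checkout register, and the command lists are constructed assumptions:

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed classification following the article's split: copy, edit/manipulate,
# delete and execute are "vulnerable"; viewing data is not. Not an exhaustive list.
VULNERABLE = {"cp", "mv", "rm", "sed", "dd", "scp", "chmod", "update", "delete", "insert", "drop"}
READ_ONLY = {"cat", "less", "head", "tail", "grep", "ls", "select"}

# Constructed checkout register (hypothetical shape): which privileged ID was checked out,
# by whom, for which window, and under which ticket. Timestamps are ISO strings, so
# plain string comparison orders them correctly.
CHECKOUTS = [
    {"id": "svc_app_prod", "by": "alice", "ticket": "INC-0001",
     "start": "2018-09-10 08:00:00", "end": "2018-09-10 10:00:00"},
]

# Constructed sample of a back-end session log: "<timestamp> <privileged id> <command>".
SAMPLE_LOG = """\
2018-09-10 08:12:03 svc_app_prod cat /app/logs/batch.log
2018-09-10 08:15:41 svc_app_prod sed -i 's/RETRY=3/RETRY=5/' /app/conf/batch.cfg
2018-09-10 11:02:17 svc_app_prod rm -f /app/data/orders_20180909.dat
2018-09-10 11:05:00 svc_app_prod ls /app/data
"""

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<id>\S+) (?P<cmd>.+)$")

@dataclass
class ReviewItem:
    timestamp: str
    priv_id: str
    command: str
    category: str          # "vulnerable", "read-only" or "unclassified"
    ticket: Optional[str]  # ticket from the checkout covering this timestamp, if any
    finding: str           # "ok", "verify against ticket" or "exception: no checkout"

def classify(command: str) -> str:
    tokens = command.split()
    if tokens and tokens[0] == "sudo":   # classify the wrapped command, not the wrapper
        tokens = tokens[1:]
    first = tokens[0].lower() if tokens else ""
    return "vulnerable" if first in VULNERABLE else "read-only" if first in READ_ONLY else "unclassified"

def find_ticket(priv_id: str, ts: str) -> Optional[str]:
    for c in CHECKOUTS:
        if c["id"] == priv_id and c["start"] <= ts <= c["end"]:
            return c["ticket"]
    return None

def review_log(text: str) -> List[ReviewItem]:
    items = []
    for m in (LINE_RE.match(line) for line in text.splitlines()):
        if not m:
            continue  # keep malformed lines out of the sheet; they would be reviewed separately
        cat = classify(m["cmd"])
        ticket = find_ticket(m["id"], m["ts"])
        if ticket is None:            # activity outside any approved checkout window
            finding = "exception: no checkout"
        elif cat == "read-only":      # authorized and read-only: quick review
            finding = "ok"
        else:                         # vulnerable or unknown: check against the ticket
            finding = "verify against ticket"
        items.append(ReviewItem(m["ts"], m["id"], m["cmd"], cat, ticket, finding))
    return items
```

Each `ReviewItem` corresponds to one row of the review spreadsheet; rows whose finding starts with "exception" are the anomalies that go to the supervisor and the security compliance team.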

Conclusion

As IT transforms into a key driver of business enablement, privileged access review should demonstrate the existence of controls and uncover any shortfalls in them. It should result in meaningful actions based on feedback about the overall IT process as part of continuous improvement.

Ramaseshan转向开始涉足, CISM, ITIL-Foundation, ITIL-SO
Is an IT supervisor supporting security tools at Ford Motor Private Ltd., located in Chennai, India. He has more than 25 years of experience performing various roles in the software development life cycle in the IT industry. He is interested in enhancing his depth of knowledge in the security domain and sharing some of the things he has found to be effective in his day-to-day operations that could benefit the community as a whole.