Wednesday, January 30, 2013

Permission to come aboard?

Most experts agree that human error or ignorance is responsible for more security breaches than technology flaws. The challenge is to use technology to try to overcome these human weaknesses.

A recent article in CSO magazine promotes the use of Least Privilege Management (LPM) as one method to cut down on security issues. The methodology works like government security clearances -- not only do you have to be cleared at a certain level, but you must also have a need to know before you are given access.

The LPM method is similar to what is implemented in Uplogix Local Management for user management. By default, users have no privileges on any resource. Privileges are defined by roles, which are tables of permitted commands. Privileges are granted by assigning appropriate roles on the desired resources to define what the user can do on each resource.

The 2012 Data Breach Investigations Report from Verizon said that of the breaches included in their research, 96% were not highly difficult for attackers and 97% could have been avoided through simple or intermediate controls.

Managing multiple users and roles in enterprise networking groups is simplified by the Uplogix Control Center. It allows you to create and manage group accounts across multiple Uplogix Local Managers to ensure a consistent user group organization and privilege policy.

Uplogix defines permissions, roles, and privileges as follows:
  • Permission - ability to use a specific command or capability; can be allowed or denied in a role definition
  • Role - a named set of permissions, such as admin
  • Privilege - a role assigned to a specific account for a specific resource, such as "admin on server" or "guest on port 1/4"

The Uplogix Control Center restricts access to features based on users' privileges. For example, if a user does not have a role that includes permission to use the config system ip command, the IP configuration link will be unavailable for that user on the appliance detail page.
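
A minimal model of the permission / role / privilege scheme defined above, added here as an illustration; it is not Uplogix code. The class and function names, the "show status" command, and the rule that an explicit deny overrides an allow granted by another role are assumptions.

```python
from dataclasses import dataclass, field

ALLOW, DENY = "allow", "deny"

@dataclass
class Role:
    """A named set of permissions: command -> ALLOW or DENY."""
    name: str
    permissions: dict

@dataclass
class Policy:
    roles: dict = field(default_factory=dict)
    # Privilege = a role assigned to an account on a resource.
    privileges: dict = field(default_factory=dict)  # (account, resource) -> {role names}

    def add_role(self, role):
        self.roles[role.name] = role

    def grant(self, account, role_name, resource):
        if role_name not in self.roles:
            raise KeyError(f"unknown role: {role_name}")
        self.privileges.setdefault((account, resource), set()).add(role_name)

    def is_permitted(self, account, resource, command):
        # No privilege on this resource -> empty set -> denied by default.
        verdicts = {self.roles[r].permissions.get(command)
                    for r in self.privileges.get((account, resource), ())}
        # Assumption: an explicit deny beats an allow from another role.
        return DENY not in verdicts and ALLOW in verdicts

    def visible_links(self, account, resource, links):
        """Feature gating: only show links whose command is permitted."""
        return [label for label, cmd in links.items()
                if self.is_permitted(account, resource, cmd)]

def build_demo_policy():
    # Constructed sample data; "show status" is a made-up command name.
    policy = Policy()
    policy.add_role(Role("admin", {"config system ip": ALLOW, "show status": ALLOW}))
    policy.add_role(Role("guest", {"config system ip": DENY, "show status": ALLOW}))
    policy.grant("alice", "admin", "server")
    policy.grant("bob", "guest", "port 1/4")
    return policy

LINKS = {"IP configuration": "config system ip", "Status": "show status"}

if __name__ == "__main__":
    print(build_demo_policy().visible_links("bob", "port 1/4", LINKS))
```

Because privileges are keyed by both account and resource, "admin on server" grants nothing on "port 1/4", which is the per-resource scoping the definitions describe.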

Uplogix ensures that only the right users have the right access to devices and systems by providing very granular and customizable administrative access. Our Local Managers provide a secure management platform that meets the industry’s most stringent security, encryption and AAA requirements, ensuring that security and management policies are always enforced, even during a network outage.