Guide to the UK government cyber essentials scheme
by Edwin Bentley - Senior Software Developer at Titania - Thursday, 1 May 2014.
3. User access control

User accounts with special access should be assigned only to authorised individuals and granted only the minimum level of access to applications, computers and networks that the role needs. Managing user privilege is essential to avoid abuse: privilege abuse accounts for 88% of insider misuse actions, according to the latest Verizon DBIR (Data Breach Investigations Report).

What to look for?

Accounts should be subject to an approval process and restricted to a need-to-know basis, and the details of special access clearance should be documented and reviewed so that there is a clean audit trail. Admin accounts should be used only for administrative tasks and kept isolated from internet browsing and email. Authentication should require a unique username and a strong password, changed on a regular basis. Special privilege accounts should be removed or disabled promptly when they are no longer needed, for example when the holder changes role or leaves.
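The checks above are easy to state and easy to let slip. The script below is an added example (not code from the article or from Titania) of how an organisation could audit a privileged-account export against them automatically. The inventory is constructed sample data laid out like a typical directory report, and the 90-day thresholds for stale accounts and password age are assumptions, not values fixed by the scheme.

```python
"""Audit a privileged-account inventory against the user access control checks."""
import csv
import io
from datetime import datetime

# Constructed sample export (not real accounts): 'privileged' marks special access,
# 'approved_by' is the documented approval record, 'mailbox' says whether the
# account can receive email, 'status' is the HR joiner/leaver state.
SAMPLE_INVENTORY = """\
username,owner,privileged,approved_by,mailbox,last_logon,password_set,status
jsmith,Jane Smith,no,,yes,2014-04-28,2014-03-01,active
adm-jsmith,Jane Smith,yes,ticket 1042,no,2014-04-29,2014-03-01,active
adm-bjones,Bob Jones,yes,,yes,2014-04-27,2013-09-10,active
adm-shared,,yes,ticket 0871,no,2014-01-02,2013-12-01,active
adm-leaver,Pat Lee,yes,ticket 0902,no,2013-11-15,2013-10-01,left
"""
AUDIT_DATE = "2014-05-01"   # publication date of the article; any ISO date works


def load_inventory(text):
    """Parse a CSV export into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def _days_between(earlier, later):
    fmt = "%Y-%m-%d"
    return (datetime.strptime(later, fmt) - datetime.strptime(earlier, fmt)).days


def audit(rows, today=AUDIT_DATE, stale_days=90, max_password_age=90):
    """Return (username, finding) pairs for each privileged account that fails a
    check. The 90-day thresholds are assumptions, not values set by the scheme."""
    findings = []
    for row in rows:
        if row["privileged"] != "yes":
            continue                      # ordinary users are out of scope here
        user = row["username"]
        if not row["owner"]:
            findings.append((user, "no named owner: shared or unattributable account"))
        if not row["approved_by"]:
            findings.append((user, "no documented approval for special access"))
        if row["mailbox"] == "yes":
            findings.append((user, "admin account has a mailbox: not isolated from email"))
        if row["status"] != "active":
            findings.append((user, "owner has left but account is not disabled"))
        elif _days_between(row["last_logon"], today) > stale_days:
            findings.append((user, "privileged account unused for over %d days" % stale_days))
        if _days_between(row["password_set"], today) > max_password_age:
            findings.append((user, "password older than %d days" % max_password_age))
    return findings


if __name__ == "__main__":
    for user, finding in audit(load_inventory(SAMPLE_INVENTORY)):
        print("%-12s %s" % (user, finding))
```

Run against the sample, only adm-jsmith passes cleanly; the shared account, the unapproved account with a mailbox, and the leaver's still-enabled account are each reported, which is exactly the list an assessor would expect to see reviewed and signed off.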

Case in point

Last year's most prominent case of user privilege abuse was that of the U.S. government contractor Edward Snowden. Using unauthorised SSH keys and falsified digital certificates, Snowden reportedly managed to access and steal NSA documents without setting off alarms across the network, and the NSA is not an isolated case: the same practices have already been reported in the wild. In the context of trust abuse and special access threats, every enterprise is a sitting target.

4. Malware protection

Viruses, worms and spyware can infect any device with an internet connection, so every organisation should run malware protection software.

What to look for?

Malware protection software should be configured to scan files automatically on access (when they are downloaded or opened, or when web pages are visited) and to run regular scheduled scans. Signature and engine updates should be installed regularly, either manually or through centralised configuration. Website blacklisting should be employed to block connections to known malicious sites.

Case in point

The Google Drive scam was a very convincing phishing campaign targeting Google Docs and Google Drive users. It consisted of a simple email asking the recipient to view a document shared on Google Drive. The link led to a fake Google login page that looked almost identical to the real one, all the more so because the fake page was hosted on Google's own servers and was therefore served under Google's valid SSL certificate. Once the user entered their credentials, a PHP script stored them on a compromised server.

With an up-to-date blacklist and current detection software, this type of scam would pose much less of a problem to an organisation, with one caveat: because the fake page was hosted on Google's own servers, the block has to be placed on the full URL rather than on the hosting domain, which cannot be blacklisted without cutting off legitimate Google services.
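The distinction between blocking a domain and blocking a URL matters in exactly this case. The checker below is an added example (not code from the article or from Titania) showing how a blacklist can carry both kinds of entry and how the URL should be normalised before matching, so that trivial tricks such as upper-case hosts, percent-encoding or doubled slashes do not slip past. All hostnames and paths are constructed for the example.

```python
"""A small URL blacklist matcher: domain entries and full-URL-prefix entries."""
from urllib.parse import urlsplit, unquote

# Constructed blacklist. Entries without a scheme are domains and block the host
# and every subdomain; entries with a scheme are URL prefixes and block only one
# path on a host that is otherwise legitimate (the Google Drive situation).
BLOCKLIST = [
    "evil-docs.example",                              # whole domain
    "https://files.example.net/u/phish123/",          # one hosted path only
]


def normalise(url):
    """Return (scheme, host, path) with the host lower-cased and port-free, the
    path percent-decoded and repeated slashes collapsed, so obfuscated forms
    of the same address compare equal."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url              # bare 'host/path' still gets a host
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    path = unquote(parts.path) or "/"
    while "//" in path:
        path = path.replace("//", "/")
    return parts.scheme.lower(), host, path


def is_blocked(url, blocklist=BLOCKLIST):
    """True if the URL matches a domain entry or a URL-prefix entry.
    The scheme is deliberately ignored so http and https are treated alike."""
    _, host, path = normalise(url)
    for entry in blocklist:
        if "://" in entry:
            _, e_host, e_path = normalise(entry)
            if host == e_host and path.startswith(e_path):
                return True
        else:
            domain = entry.lower()
            if host == domain or host.endswith("." + domain):
                return True
    return False


if __name__ == "__main__":
    for u in ["https://login.EVIL-docs.example/",
              "https://files.example.net/u/%70hish123/index.html",
              "https://files.example.net/u/legit/report.pdf"]:
        print("blocked" if is_blocked(u) else "allowed", u)
```

Note what the prefix entry does not do: it cannot block files.example.net as a whole, which is the point. A blacklist built only from domains would have had nothing to match against in the Google Drive case.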

5. Patch management

Any software is prone to technical vulnerabilities. Once these vulnerabilities are discovered and disclosed publicly, they are quickly exploited by cyber criminals and organised groups.

What to look for?

Ensure that software is licensed and supported so that it continues to receive updates. Updates and security patches should be installed in a timely manner, and software that is no longer supported should be removed from the computer or network.
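Those three requirements map directly onto three questions about every product in the estate: is it licensed, is it still supported, and is the installed version behind the vendor's latest release for longer than the patching window allows. The script below is an added example (not code from the article or from Titania) that asks them of a software inventory. The inventory and vendor data are constructed, apart from the Windows XP end-of-support date of 8 April 2014, which is factual; the 30-day patching window is an assumption, not a figure from the scheme.

```python
"""Check a software inventory for unlicensed, unsupported and unpatched products."""
import csv
import io
import re
from datetime import datetime

# Constructed inventory (not real hosts). 'latest' and 'latest_released' are what
# the vendor currently publishes; 'support_ends' is the product's end-of-support
# date. The Windows XP date is factual, everything else is made up.
SAMPLE_INVENTORY = """\
host,product,installed,latest,latest_released,support_ends,licensed
pc-01,Acme Reader,10.1.3,10.1.4,2014-03-20,2016-12-31,yes
pc-01,Windows XP,5.1.2600,5.1.2600,2014-04-08,2014-04-08,yes
pc-02,Acme Reader,10.1.4,10.1.4,2014-03-20,2016-12-31,yes
pc-02,Widget Office,3.2,3.4,2014-04-25,2017-06-30,no
"""


def load_inventory(text):
    """Parse a CSV export into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def parse_version(text):
    """Turn '10.1.4' into (10, 1, 4) for tuple comparison. Only numeric parts are
    used, so pre-release tags such as 'rc1' are ignored; refine for vendors
    whose numbering relies on them."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def _date(text):
    return datetime.strptime(text, "%Y-%m-%d").date()


def check_patching(rows, today, patch_window_days=30):
    """Return (host, product, finding) tuples. A product past its support date is
    reported once for removal and not also for missing patches, since no
    patch will ever arrive for it."""
    today = _date(today)
    findings = []
    for r in rows:
        key = (r["host"], r["product"])
        if r["licensed"] != "yes":
            findings.append(key + ("unlicensed: cannot receive vendor updates",))
        if _date(r["support_ends"]) <= today:
            findings.append(key + ("unsupported since %s: remove" % r["support_ends"],))
            continue
        if parse_version(r["installed"]) < parse_version(r["latest"]):
            age = (today - _date(r["latest_released"])).days
            state = "overdue" if age > patch_window_days else "due"
            findings.append(key + ("%s: %s available for %d days" % (state, r["latest"], age),))
    return findings


if __name__ == "__main__":
    for host, product, finding in check_patching(load_inventory(SAMPLE_INVENTORY), "2014-05-01"):
        print("%-6s %-14s %s" % (host, product, finding))
```

On the sample, pc-01 is flagged both for the XP installation that must go and for a reader update that has been waiting six weeks, while pc-02's unlicensed office suite is reported even though its missing update is still inside the window: the licensing problem will stop the next update from arriving at all.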

Case in point

The end of support for Windows XP, announced as early as 2007 and finally reached on 8 April 2014, still came as an unpleasant surprise to dedicated users and cost-weary businesses. Loyal home users and organisations that have not yet migrated will have to do so very soon: as soon as the next patches are released for the other versions of Windows, each fix can be compared against the unpatched code to locate the same flaw in XP, leaving the unprotected OS exposed to threats that everyone else has been shielded from.

A lifeline to SMEs

The butterfly effect in the cyber market can start from something even smaller than the flap of a delicate wing in Brazil: a weak admin password at a third-party vendor with peripheral access to a SCADA system powering the energy grid of a mid-sized country.

