Securing administration #CyberSecMonth
Manage your fleet with complete peace of mind
The administrators must be more vigilant with their administrative actions. Indeed, it is essential to guarantee the safety of these actions to ensure the integrity of the park and the system. Poor management of administrative rights can have very serious repercussions for an entity.
“The security of the information system depends on the proper management of administrative rights. There are many good practices and solutions to ensure that you can act safely and without compromising the organization.
How to act without risk?
Isolate the administration from the rest of the system:
Workstations and servers used for administrative actions must not be able to access the Internet, as surfing the web can present risks in terms of cybersecurity. Administrators who need access to the Internet must do so from a different workstation. The use of office automation tools must be done via a remote virtualized machine to guarantee the integrity of the network.
The administration network allows you to connect the administration workstations and servers and the equipment administration interfaces. It is necessary to partition the administration network of the employees office automation network to avoid compromising it by bouncing from a user workstation. It is recommended to set up a physical partitioning of the networks or a cryptographic partitioning thanks to the installation of Ipsec tunnels to ensure the integrity and confidentiality of the information. If these actions prove impossible to implement, it is still important to create at least one partitioning by VLAN.
Restrict administration rights:
It is common for some employees in organizations to want additional privileges on their workstations (software installation, system configuration, etc.). A user, regardless of his or her hierarchical position, should not be granted these administrative privileges since he or she could be the source of malicious code execution. It is recommended to have an application store that meets security criteria defined by the entity to meet most employees needs. It is still possible to grant administrative privileges to a user, but this practice must be exceptional, tracked and limited in time (and therefore verified and updated later). In addition, these administrator accounts should only be used for administrative actions and not for daily use. It is therefore necessary to create registered administration accounts such as “gbouchard-admin” in order to keep a registered history of the park’s administration shares.
WAPT and Samba-AD, your strongest allies!
Application deployment with WAPT
WAPT is a software deployment tool for Windows that automates fleet management through its centralized management console. Our solution allows you to install, update and uninstall software and configurations with reliable and instant feedback. This way, you can remotely schedule your software deployments without disturbing your users. WAPT also allows you to provide your users with a software store validated by you by following your security policies. Your users with restricted rights will therefore be able to install from a store the software they want in complete security.
As part of the security of the administration, WAPT is able to ensure the management of rights. Thanks to its package signing system, only the administrator can deploy packages on the park, it is impossible to take any administrative action without a signature key. It is also possible to differentiate the roles of console administrators, so those in charge of deploying packages will not be able to create them and risk compromising the infrastructure.
Indeed, WAPT allows you to easily create your own packages thanks to the Wizard package. It is also possible to visit our store, which has more than 1,000 packages, to download a package securely, edit it if necessary, test it on an isolated machine and then deploy it throughout the park.
Samba Active Directory, the Open Source alternative
Tranquil IT is the first Samba Active Directory integrator in France. Our expertise of more than 13 years on Samba allows us to effectively perform IT asset audits, Active Directory migrations, domain mergers and datadock certified training. We have carried out more than 270 projects thanks to our proximity to the Samba Team.
Samba Active Directory allows you to organize your entire network, define security policies for your fleet, control permissions and access rights, all through the same Windows RSAT administration consoles. System administrators familiar with the Microsoft Active Directory environment will not be out of place, while Linux system administrators will find the command line tools to efficiently administer the centralized directory.
Get help from an expert
Driven by the desire to help organizations manage their IT systems, we assist system administrators in their daily tasks. This desire results in a unique expertise on Samba Active Directory in France but also on the development of WAPT, our open source package management tool. The fact that we have obtained ANSSI qualification for our software pushes us to enrich our DevSecOps methodologies.
Within Tranquil IT, we have always wanted to privilege Open Source tools for their reliability, maintainability and especially for the freedom they bring. Choosing Open Source means choosing to save on licensing costs and trusting our experts!
Do you need to secture your computer equipment?
Understanding tomorrow’s challenges
This is the theme of this fourth week of CyberSecMonth. Until 29 October, the debate will focus on the evolution of attacks, which are increasingly sophisticated, elaborate and destructive. Thus, the organisations participating in this European month of cybersecurity will be interested in the issues related to connected objects and artificial intelligence. This is an opportunity to highlight the specialists who integrate digital security into the development of artificial intelligence and connected products. Ensuring the reliability of these technologies is essential to avoid repeating the mistakes of the past.
What you shouldn’t have missed:
Who to follow during the #CyberSecMonth?
Articles not to be missed:
- The EBIOS Risk Manager method: The guide – ANSSI
- Why your smartphone is the weakest link in IT Security – L’est éclair
Find all our recommendations on Twitter and LinkedIn and on hashtag: #TousSecNum, #CyberSecMonth, #ECSM2018 and #ECSM. Also follow our hashtag #CyberConseil to follow Tranquil IT’s advice and discover the following graphics.
"Is this real life? Is this just a fantasy?"Attention, this is not a dream, WAPT 1.8 is (finally) here! Just like you, I have had to be patient before I began writing about the new version; But, it is with great pleasure that I get to present you with newest...
At Tranquil IT, we work on a daily basis with system administrators who are looking for fast and efficient solutions to manage and secure their IT assets, which is certainly why they come to meet us (hello WAPT). And if there is one problem that any AdminSys is likely...
As with many organizations, we took advantage of the calm summer to refocus ourselves on our new projects and recharge our batteries. Now that the September rush has passed, the blog is back in action! I know what you might be thinking after this introduction : " WAPT...