Securing administration #CyberSecMonth

by | Nov 13, 2018 | CyberSecMonth, News & Events

CyberSecMonth is coming to an end, and we hope you have read plenty of relevant articles and seen some interesting infographics. On our side, we still have a few pieces of CyberAdvice to share with you, and we are counting on the keenest among you to be present at our meetings (every Monday, Tuesday and Thursday)!

Secure the administration to manage your fleet with peace of mind

As administrators, you must be particularly vigilant when performing administrative actions. It is essential to guarantee the security of these actions in order to ensure the integrity of the fleet and the system. Poor management of administrative rights can have very serious repercussions for an entity.
The security of the information system depends on the proper management of administrative rights. There are many good practices and solutions to ensure that you can act safely and without compromising the organization.

How to act without risk?

Isolate the administration from the rest of the system:

Workstations and servers used for administrative actions must not be able to access the Internet, because web browsing exposes them to cybersecurity risks. Administrators who need Internet access must use a different workstation. Office automation tools must be used through a remote virtualized machine to guarantee the integrity of the network.

The administration network connects the administration workstations and servers to the administration interfaces of the equipment. It must be partitioned from the employees' office automation network to prevent compromise by bouncing from a user workstation. Physical partitioning of the networks is recommended, or cryptographic partitioning using IPsec tunnels, to ensure the integrity and confidentiality of the information. If neither can be implemented, it is still important to at least partition the networks by VLAN.
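One way to check that this partitioning actually holds is to run recorded network flows against the two rules above. The following is an added example, not code from Tranquil IT or WAPT; the address plan, the flow records and the function names are constructed assumptions.

```python
import ipaddress

# Assumed address plan, constructed for this example.
ADMIN_NET = ipaddress.ip_network("10.10.0.0/24")   # admin workstations, servers, management interfaces
OFFICE_NET = ipaddress.ip_network("10.20.0.0/16")  # employees' office automation network
INTERNAL = ipaddress.ip_network("10.0.0.0/8")      # anything outside is treated as Internet

# Constructed flow records: (source, destination, destination port).
FLOWS = [
    ("10.10.0.5", "10.10.0.20", 22),     # admin workstation -> management interface
    ("10.10.0.5", "203.0.113.10", 443),  # admin workstation -> Internet
    ("10.20.3.7", "10.10.0.20", 443),    # office workstation -> management interface
    ("10.20.3.7", "203.0.113.10", 443),  # office workstation -> Internet
    ("10.20.3.7", "10.20.0.10", 445),    # office workstation -> office file server
]

def classify(src, dst):
    """Return the partitioning rule a flow breaks, or None if it breaks neither."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in ADMIN_NET and d not in INTERNAL:
        return "admin-to-internet"   # admin hosts must not reach the Internet
    if s in OFFICE_NET and d in ADMIN_NET:
        return "office-to-admin"     # bounce path from a user workstation
    return None

def audit_flows(flows):
    """List every flow that breaks a rule as (rule, src, dst, port)."""
    findings = []
    for src, dst, port in flows:
        rule = classify(src, dst)
        if rule:
            findings.append((rule, src, dst, port))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(FLOWS):
        print(*finding)
```

Any finding means the firewall, IPsec or VLAN configuration lets through traffic that the partitioning is supposed to block.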

Restrict administration rights:

It is common for some employees in organizations to want additional privileges on their workstations (software installation, system configuration, etc.). A user, regardless of his or her hierarchical position, should not be granted these administrative privileges, since he or she could be the source of malicious code execution. It is recommended to provide an application store that meets security criteria defined by the entity and covers most employee needs. It is still possible to grant administrative privileges to a user, but this practice must be exceptional, tracked and limited in time (and therefore verified and updated later). In addition, these administrator accounts should only be used for administrative actions and not for daily use. It is therefore necessary to create named administration accounts, such as gbouchard-admin, in order to keep an attributable history of the administration actions performed on the fleet.
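The rules above (named accounts, tracked and time-limited grants, no daily use) can be verified periodically against a register of privilege grants and a list of logons. The following is an added example, not code from Tranquil IT; the register format, the ticket identifiers, the host names and the idea of treating a logon outside the administration network as daily use are constructed assumptions. Only the gbouchard-admin naming pattern comes from the article.

```python
from datetime import date

ADMIN_SUFFIX = "-admin"  # naming convention shown in the article (gbouchard-admin)

# Constructed sample data: privilege grants from a hypothetical register.
GRANTS = [
    {"account": "gbouchard-admin", "owner": "gbouchard", "ticket": "REQ-0001", "expires": date(2018, 12, 1)},
    {"account": "jmartin", "owner": "jmartin", "ticket": None, "expires": None},
    {"account": "helpdesk-admin", "owner": None, "ticket": "REQ-0002", "expires": date(2018, 12, 1)},
    {"account": "adupont-admin", "owner": "adupont", "ticket": "REQ-0003", "expires": date(2018, 10, 31)},
]
# Constructed logon events: (account, host, network the host sits on).
LOGONS = [
    ("gbouchard-admin", "ADM-WS01", "admin"),
    ("adupont-admin", "PC-ACCT-12", "office"),
]

def audit_grant(grant, today):
    """Check one grant against the naming, tracking and expiry rules."""
    findings = []
    expected = f"{grant['owner']}{ADMIN_SUFFIX}" if grant["owner"] else None
    if grant["account"] != expected:
        findings.append("not a named admin account")  # daily-use or shared account
    if not grant["ticket"]:
        findings.append("untracked")
    if grant["expires"] is None:
        findings.append("no expiry")
    elif grant["expires"] < today:
        findings.append("expired")
    return findings

def audit_accounts(grants, logons, today):
    """Return {account: [findings]} for every privileged account with a problem."""
    report = {g["account"]: audit_grant(g, today) for g in grants}
    for account, host, network in logons:
        # Assumption: a privileged logon outside the admin network is daily use.
        if account in report and network != "admin":
            report[account].append(f"used on {host} ({network} network)")
    return {account: f for account, f in report.items() if f}

if __name__ == "__main__":
    for account, findings in audit_accounts(GRANTS, LOGONS, date(2018, 11, 13)).items():
        print(account, "->", "; ".join(findings))
```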

WAPT and Samba-AD, your strongest allies!

Application deployment with WAPT

WAPT is a software deployment tool for Windows that automates fleet management through its centralized management console. Our solution allows you to install, update and uninstall software and configurations with reliable and instant feedback. This way, you can remotely schedule your software deployments without disturbing your users. WAPT also allows you to provide your users with a software store that you have validated according to your security policies. Your users with restricted rights can therefore install the software they want from a store in complete security. WAPT's security has been recognized by ANSSI, which has awarded it the standard qualification for the Enterprise version (1.5) of the software.

As part of securing the administration, WAPT can handle the management of rights. Thanks to its package signing system, only the administrator can deploy packages on the fleet: it is impossible to take any administrative action without a signature key. It is also possible to differentiate the roles of console administrators, so that those in charge of deploying packages cannot create them and risk compromising the infrastructure. WAPT also lets you easily create your own packages with the package wizard. You can also visit our store, which has more than 1,000 packages, to download a package securely, edit it if necessary, test it on an isolated machine and finally deploy it throughout the fleet.

Samba Active Directory, the Open Source alternative

Tranquil IT is the first Samba Active Directory integrator in France. Our expertise of more than 13 years on Samba allows us to effectively perform IT asset audits, Active Directory migrations, domain mergers and Datadock-certified training. We have carried out more than 270 projects thanks to our proximity to the Samba Team. Samba Active Directory allows you to organize your entire network, define security policies for your fleet, and control permissions and access rights, all through the same Windows RSAT administration consoles. System administrators familiar with the Microsoft Active Directory environment will feel at home, while Linux system administrators will find the command-line tools to efficiently administer the centralized directory.

Get help from an expert to secure the administration of your IT fleet

Driven by the desire to help organizations manage their IT systems, we assist system administrators in their daily tasks. This desire has resulted in a unique expertise on Samba Active Directory in France, but also in the development of WAPT, our open source package management tool. Having obtained ANSSI qualification for our software pushes us to enrich our DevSecOps methodologies. Within Tranquil IT, we have always wanted to favor Open Source tools for their reliability, maintainability and especially for the freedom they bring. Choosing Open Source means choosing to save on licensing costs and trust our experts!


Understanding tomorrow’s challenges

This is the theme of this fourth week of CyberSecMonth. Until 29 October, the debate will focus on the evolution of attacks, which are increasingly sophisticated, elaborate and destructive. Thus, the organisations participating in this European month of cybersecurity will be interested in the issues related to connected objects and artificial intelligence. This is an opportunity to highlight the specialists who integrate digital security into the development of artificial intelligence and connected products. Ensuring the reliability of these technologies is essential to avoid repeating the mistakes of the past.


Find all our recommendations on Twitter and LinkedIn under the hashtags #TousSecNum, #CyberSecMonth, #ECSM2018 and #ECSM. Also follow our hashtag #CyberConseil to follow Tranquil IT's advice and discover the following graphics.