That said, it is clear that Childs managed to create an environment in which he was the only individual with administrative...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
access to critical network devices. This is a good example of someone misusing the powerful credentials provided to an administrator, and an organization either not setting -- or not enforcing -- security policy that prevents this type of single-person control.
An enterprise should take two steps to ensure it doesn't fall victim to the same type of ransom attack that Childs perpetrated on San Francisco. To start, create an access policy and verify that administrators are following it. It's inexcusable for a system administrator to possess the only administrative password to any type of device and not have provisions to share it with others. What if Childs were incapacitated or otherwise unable to return to work?
There's one common practice I've seen in many enterprises, and it's fairly low-tech: administrators simply write the password on a piece of paper, seal it in an envelope, sign the back of the envelope and place it in a safe accessible to management. In the event of an emergency, management can retrieve the password from the safe. Administrative passwords are automatically changed after any such use. To ensure that administrators are following this policy, management periodically selects a random sample of systems, retrieves the passwords for them from the safe and attempts to log in to the server, confirming that the password is accurate.
Dig Deeper on Enterprise User Provisioning Tools
Related Q&A from Mike Chapple
The OWASP Top Ten list is not a compliance standard but a set of best practices for enterprises looking to boost Web app security. Here's how to get ...continue reading
A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best ...continue reading
Tokenization technology can be confusing. Expert Mike Chapple explains what the difference is between two types of tokens and how tokenization can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.