Within the security world, we frequently try to implement the principle of least privilege. For example, only the users who absolutely require root or administrator access to complete their job function are granted these permissions. The idea is that the fewer high-level accounts there are, the lower the chance that someone will go rogue or that a critical account will become compromised. This also helps with segregation of duties, which can help ensure that a single account cannot both jeopardize critical data and cover its tracks. Further, these concepts are critical steps if you are bound by PCI DSS, HIPAA or similar standards.
Of course, all this seems to go out the window when we talk about the access required by security personnel. For example, auditors may require high-level access to verify configuration settings, access granted to other user accounts, etc. As a security professional for the last 20 years, I could never imagine effectively doing my job without being granted high-level access to the servers under my care…until now. Leveraging Halo, I’ve found that I can manage server security without the need of maintaining even a basic user account on any of the servers under my protection.
The Halo Model
Halo runs as a small daemon on each server being protected. As the security professional charged with maintaining compliance on these servers, I interact with Halo via the online Portal. Since I never interact with one of my servers directly, I’m not required to maintain a user account. So while in the past I may have required root-level access on all my servers, with Halo I do not require any kind of user account at all. This means that if my servers contain Personally Identifiable Information (PII), Protected Health Information (PHI) or similar, I am properly segregated and do not have access to it.
Validating Server Configuration
Halo’s configuration scanning module gives me the ability to validate the configuration settings of all installed software. I can audit which applications are installed, which processes are holding open listening ports, file-level permissions and even configuration settings. For example, if corporate policy states that only SSH protocol 2 should be used for communications, Halo can tell me which servers are out of compliance.
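To make the SSH protocol 2 policy check concrete, here is an added sketch of that kind of configuration rule. It is not Halo's code or API; it only evaluates sshd_config text handed to it as strings. The host names and config contents are constructed, and treating an unset Protocol directive as a finding is an assumed policy choice.

```python
# Added example: evaluate the "SSH protocol 2 only" policy against sshd_config
# text collected from each server. Host names and configs are constructed.

def effective_protocol(sshd_config_text):
    """Return the set of versions from the first Protocol directive, or None if unset.

    sshd uses the first value it obtains for a keyword, keywords are
    case-insensitive, and keyword/value may be separated by whitespace or '='.
    """
    for raw in sshd_config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "protocol":
            return {v.strip() for v in parts[1].split(",") if v.strip()}
    return None


def audit(fleet, unset_is_compliant=False):
    """Map each out-of-compliance host to the reason it failed the policy."""
    findings = {}
    for host, text in fleet.items():
        versions = effective_protocol(text)
        if versions is None:
            # Assumption: policy wants the directive stated explicitly, because
            # the built-in default depends on the OpenSSH release.
            if not unset_is_compliant:
                findings[host] = "Protocol not set"
        elif versions != {"2"}:
            findings[host] = "Protocol allows " + ",".join(sorted(versions))
    return findings


# Constructed sample input: one sshd_config per (hypothetical) server.
FLEET = {
    "web01": "Port 22\nProtocol 2\nPermitRootLogin no\n",
    "db01": "# Protocol 2\nProtocol 2,1\n",        # compliant line is commented out
    "app01": "PermitRootLogin no\n",               # directive missing
    "legacy01": "protocol=1\nProtocol 2\n",        # first occurrence wins
}

if __name__ == "__main__":
    for host, reason in sorted(audit(FLEET).items()):
        print(f"{host}: out of compliance ({reason})")
```

The db01 and legacy01 cases are the ones a simple search for "Protocol 2" in the file would wrongly pass.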
Halo’s software vulnerability module can validate that all installed software is patched and up to date. When an application is found to be vulnerable, CVE and NIST data is provided so that a proper risk analysis can be performed.
Identifying who has access to which servers is critical to maintaining security. Further, you need to be able to quickly identify which accounts have high-level system access. Halo’s server access module makes quick work of these tasks, again without requiring me to maintain a login on any of the servers I’m charged with auditing.
File Integrity Monitoring
Out of all the functions I can perform on a server without the need of a user account, I think being able to monitor file integrity is the one I’m blown away by the most. With legacy integrity management tools, you need shell access to the server being protected to at least properly configure the tool, if not to review the results as well. Again, Halo’s file integrity monitoring module permits me to identify which files and/or directories I wish to monitor, as well as review the results, without the need of ever connecting to the server directly.
I have to admit, there have been a number of times in my past where I’ve felt that I’ve failed to “walk the walk” as I’ve preached least privilege access, while in the same breath claimed to require full permissions on every server under my charge. Halo gives me the ability to effectively execute my duties while at the same time being a proper example of least privilege.