Data breach, access management, user access control, network segmentation, security audits, GDPR, phishing, vulnerability scan
This document discusses the importance of access management in preventing data breaches, citing examples of major incidents and proposing measures such as user access control, network segmentation, and regular security audits.
[...] In the case of a self-hosted information system (SI), the first critical point I will examine is access management, and more precisely the correct application of the principle of least privilege. Several things then need to be checked: first, that no account holds excessive rights; next, that access is actually restricted according to each user; and finally, that each person's duties are reconciled with the data they can reach, so that every grant is justified by a current role. [...]
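The three checks above can be run mechanically against a directory export. The following script is an added example (not code from the original document): it compares each account's assigned roles with the permissions it actually holds and reports grants no role justifies, grants a role needs but the account lacks, roles missing from the model, and dormant accounts that still hold rights. The role model, permission names and accounts are constructed for the illustration.

```python
from dataclasses import dataclass

# Constructed role model for this example: each mission (job function) and the
# permissions it legitimately needs, written as "resource:action".
ROLE_NEEDS = {
    "sales":   {"crm.customers:read"},
    "support": {"crm.customers:read", "crm.tickets:write"},
    "dba":     {"db.customers:admin"},
    "finance": {"billing.invoices:read"},
}


@dataclass(frozen=True)
class Account:
    name: str
    roles: frozenset          # missions assigned to the person
    granted: frozenset        # permissions actually held in the system
    days_since_login: int     # from the directory; large for unused accounts


def needed_permissions(roles):
    """Union of what the account's roles justify; unknown roles justify nothing."""
    needed = set()
    for role in roles:
        needed |= ROLE_NEEDS.get(role, set())
    return needed


def audit_least_privilege(accounts, dormant_after_days=90):
    """Reconcile each account's missions with its actual grants.

    Returns (finding, account, detail) tuples:
      unknown_role - role absent from the model, so its grants cannot be justified
      excessive    - grants that no role of the account justifies
      missing      - grants a role needs but the account lacks (model or grants are wrong)
      dormant      - account still holding grants but unused beyond dormant_after_days
    """
    findings = []
    for acct in accounts:
        unknown = set(acct.roles) - set(ROLE_NEEDS)
        if unknown:
            findings.append(("unknown_role", acct.name, sorted(unknown)))
        needed = needed_permissions(acct.roles)
        excess = set(acct.granted) - needed
        if excess:
            findings.append(("excessive", acct.name, sorted(excess)))
        missing = needed - set(acct.granted)
        if missing:
            findings.append(("missing", acct.name, sorted(missing)))
        if acct.granted and acct.days_since_login > dormant_after_days:
            findings.append(("dormant", acct.name, acct.days_since_login))
    return findings


# Constructed directory export: five accounts, four of them with a problem.
SAMPLE_ACCOUNTS = [
    Account("alice", frozenset({"sales"}),
            frozenset({"crm.customers:read", "db.customers:admin"}), 3),
    Account("bob", frozenset({"support"}),
            frozenset({"crm.customers:read", "crm.tickets:write"}), 1),
    Account("carol", frozenset({"finance"}), frozenset(), 12),
    Account("svc_export", frozenset({"dba"}), frozenset({"db.customers:admin"}), 240),
    Account("dave", frozenset({"intern"}), frozenset({"crm.customers:read"}), 5),
]

if __name__ == "__main__":
    for finding in audit_least_privilege(SAMPLE_ACCOUNTS):
        print(*finding)
```

Both directions matter: an "excessive" finding is a direct least-privilege violation, while a "missing" finding usually means the role model no longer matches what people actually do, which is exactly the reconciliation between duties and access described above.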
[...] I will then raise the issue of legal responsibility by referring to the GDPR. Access to personal data must be limited to authorised individuals only. In the event of a leak, the CNIL will inevitably take the absence of access control into account. To convince the client, I also think it would be useful to show concrete examples of major incidents; I could cite the Capital One and Marriott breaches, where the leaks were directly linked to errors in access management. [...]
[...] Next, strict network segmentation could have been implemented. The data server should never be directly exposed to the Internet. To limit the risk, the architecture should have been reviewed into a layered design with a segmented access zone (front-end), application zone and data zone, in which only the front-end is reachable from the Internet and only the application zone may open connections to the data zone. Fourthly, a regular analysis of the exposure surface, or a vulnerability scan, would have been necessary: an automated security audit would have revealed the component's unintended exposure. [...]
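The zone model above can be checked against a firewall rule set before deployment, so that a rule exposing the data zone is caught without waiting for an external scan. The script below is an added example, not code from the original document: it maps each rule's source and destination to a zone by longest-prefix match and flags every allow rule that is not one of the three permitted inward flows. The subnet plan and the rules are constructed for the illustration.

```python
import ipaddress

# Zone model from the text (front-end, application, data) plus the Internet.
# Each zone may only open connections one layer inward; nothing else crosses.
ALLOWED_FLOWS = {
    ("internet", "frontend"),
    ("frontend", "application"),
    ("application", "data"),
}

# Constructed address plan: which subnet belongs to which zone.
SUBNET_ZONE = {
    "0.0.0.0/0":    "internet",
    "10.1.0.0/24":  "frontend",
    "10.2.0.0/24":  "application",
    "10.3.0.0/24":  "data",
}
# Most specific prefix first, so 10.3.0.10/32 resolves to "data", not "internet".
_NETS = sorted(((ipaddress.ip_network(c), z) for c, z in SUBNET_ZONE.items()),
               key=lambda nz: nz[0].prefixlen, reverse=True)


def zone_of(cidr):
    """Map an address or prefix from a rule to its zone (longest-prefix match)."""
    net = ipaddress.ip_network(cidr, strict=False)
    for candidate, zone in _NETS:
        if net.subnet_of(candidate):
            return zone
    return "unknown"


def check_rules(rules):
    """Flag every allow rule whose source->destination zones are not an allowed flow.

    rules: list of dicts with name, src, dst, port, action.
    Returns (rule name, src zone, dst zone, port) for each violation.
    """
    violations = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        src, dst = zone_of(rule["src"]), zone_of(rule["dst"])
        if src == dst:
            continue  # traffic inside one zone does not cross a tier boundary
        if (src, dst) not in ALLOWED_FLOWS:
            violations.append((rule["name"], src, dst, rule["port"]))
    return violations


# Constructed rule set: three correct rules, two that break the model, one deny.
SAMPLE_RULES = [
    {"name": "web-in",     "src": "0.0.0.0/0",   "dst": "10.1.0.0/24",  "port": 443,  "action": "allow"},
    {"name": "app",        "src": "10.1.0.0/24", "dst": "10.2.0.0/24",  "port": 8080, "action": "allow"},
    {"name": "db",         "src": "10.2.0.0/24", "dst": "10.3.0.10/32", "port": 5432, "action": "allow"},
    {"name": "db-exposed", "src": "0.0.0.0/0",   "dst": "10.3.0.10/32", "port": 9200, "action": "allow"},
    {"name": "shortcut",   "src": "10.1.0.0/24", "dst": "10.3.0.0/24",  "port": 5432, "action": "allow"},
    {"name": "deny-all",   "src": "0.0.0.0/0",   "dst": "0.0.0.0/0",    "port": "*",  "action": "deny"},
]

if __name__ == "__main__":
    for v in check_rules(SAMPLE_RULES):
        print("VIOLATION %s: %s -> %s on port %s" % v)
```

The "db-exposed" rule is the situation the text describes (a data-tier service reachable from the Internet); "shortcut" is the subtler case where the front-end bypasses the application tier. A rule check like this complements, rather than replaces, the external vulnerability scan: the scan sees what is actually exposed, including hosts that never went through the rule set.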
[...] Being both inattentive and convinced they need to log in again, the employee enters all their credentials, which are intercepted by the attackers. With these, the attackers can access the intranet or the CRM of the Internet service provider where the customer data is stored. They only need to extract it in bulk, and can do so without being detected, since they are operating under the credentials of someone inside. Several protections could have been put in place to prevent this. First, stronger authentication (a second factor) should have been required, so that a password captured by the phishing page was not on its own enough to log in. [...]
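Because the attacker logs in with valid credentials, nothing fails at authentication time; the detectable signal is the bulk extraction itself. The following script is an added example (not code from the original document) of the detection the text says was missing: it parses a constructed CRM access log, keeps a sliding window of distinct records viewed per user, and raises one alert when a user exceeds a volume threshold, noting whether the source IP is outside the assumed internal ranges. The log format, the threshold and the internal network range are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed CRM audit-log format: one line per record access.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) action=(?P<action>\S+) record=(?P<record>\S+)$"
)
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed corporate ranges


def parse_log(text):
    """Yield one event dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            yield e


def detect_bulk_access(events, window=timedelta(minutes=5), max_records=50):
    """Alert once per user whose distinct records viewed within `window` exceed max_records.

    A phished account still authenticates normally, so the signal is volume and
    origin rather than a failed login: the alert also records whether the source
    IP is outside the internal ranges.
    """
    recent = defaultdict(deque)   # user -> (ts, record) pairs inside the window
    alerted = set()
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["action"] != "view":
            continue
        q = recent[e["user"]]
        q.append((e["ts"], e["record"]))
        while e["ts"] - q[0][0] > window:
            q.popleft()
        distinct = {rec for _, rec in q}
        if len(distinct) > max_records and e["user"] not in alerted:
            alerted.add(e["user"])
            ip = ipaddress.ip_address(e["ip"])
            alerts.append({
                "user": e["user"],
                "ip": e["ip"],
                "external_ip": not any(ip in net for net in INTERNAL_NETS),
                "records_in_window": len(distinct),
                "at": e["ts"],
            })
    return alerts


def constructed_log():
    """Constructed sample: bob browses normally; jdupont's account dumps records from outside."""
    t0 = datetime(2024, 3, 4, 9, 0, 0)
    lines = []
    for i in range(3):
        ts = (t0 + timedelta(minutes=15 * i)).isoformat()
        lines.append(f"{ts} user=bob ip=10.1.0.22 action=view record=C{1000 + i}")
    for i in range(60):
        ts = (t0 + timedelta(seconds=4 * i)).isoformat()
        lines.append(f"{ts} user=jdupont ip=203.0.113.7 action=view record=C{2000 + i}")
    return "\n".join(lines)


if __name__ == "__main__":
    for alert in detect_bulk_access(parse_log(constructed_log())):
        print(alert)
```

In practice the threshold should come from each user's own baseline rather than a single constant, and an external source IP on a CRM that is normally reached from the intranet is a strong enough signal on its own to warrant a lower threshold.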
[...] It is deployed in production with its default configuration: no authentication, and reachable from the Internet. During deployment, the configuration was either forgotten or changed by mistake without being verified. The attacker scans for exposed services, or simply searches Shodan, which indexes hosts its own scanners have already found; they locate the server and read all the data freely. Several practical protections would have prevented this problem from existing. Firstly, keeping the components up to date and managing vulnerabilities can be considered. [...]
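A deployment mistake of this kind is cheap to catch with a configuration gate that rejects the component before it starts. The script below is an added example, not code from the original document or from any real product: it shows a weak default configuration beside a hardened one for a hypothetical data-store service and a check that refuses to deploy when the service listens on every interface, has authentication or TLS disabled, or runs a version below an assumed patched baseline. The INI keys, the data-zone subnet and the version baseline are all constructed for the illustration.

```python
import configparser
import ipaddress

# Constructed INI-style configuration for a hypothetical data-store component;
# the keys are invented for the example, not a real product's settings.
WEAK_CONFIG = """
[server]
bind = 0.0.0.0
port = 9200
auth_enabled = false
tls = false
version = 2.3.1
"""

HARDENED_CONFIG = """
[server]
bind = 10.3.0.10
port = 9200
auth_enabled = true
tls = true
version = 2.4.0
"""

DATA_ZONE = ipaddress.ip_network("10.3.0.0/24")   # assumed data-zone subnet
MIN_VERSION = (2, 4, 0)   # assumed: lowest version with no open advisory in the inventory


def parse_version(text):
    """'2.3.1' -> (2, 3, 1), so versions compare numerically rather than as strings."""
    return tuple(int(part) for part in text.split("."))


def check_config(text):
    """Return the list of reasons this configuration must not reach production."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    s = cp["server"]
    problems = []
    bind = ipaddress.ip_address(s["bind"])
    if bind.is_unspecified:
        problems.append("listens on every interface (bind = 0.0.0.0)")
    elif bind not in DATA_ZONE:
        problems.append(f"bind address {bind} is outside the data zone")
    if not s.getboolean("auth_enabled"):
        problems.append("authentication disabled")
    if not s.getboolean("tls"):
        problems.append("TLS disabled")
    if parse_version(s["version"]) < MIN_VERSION:
        problems.append(f"version {s['version']} is below the patched baseline")
    return problems


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, check_config(cfg) or "OK")
```

Run as a pipeline step, the check turns "the configuration was forgotten or modified by error without verification" into a failed deployment instead of an exposed server; the version check is the vulnerability-management half, and only works if the baseline is actually maintained against published advisories.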