
ADMIN BY REQUEST BLOG

Pack the Essentials: The Minimum Cyber Security Requirements

By Steve Dodson


Many countries have set out minimum cyber security requirements that government and other agencies should meet to ensure a common, high level of security. Learn how Admin By Request supports these requirements.



No - not into your suitcase.

There hasn’t been a whole lot of travel going on due to the restrictions and lockdowns in place amidst the Covid-19 pandemic, but while you won’t be getting to pack the usual critical items into your suitcase (toothbrush, socks, razor – you know the drill), you can still pack the essentials into your business network.

In fact, several governments across the globe have now said you must pack your network with these essentials, outlining mandatory security measures that organisations need to have in place to ensure – for want of a better phrase – a smooth trip.

Pre-Flight Checklist – For the Network

Denmark, the United Kingdom and Australia have all set out minimum cyber security requirements that government and other agencies should meet in order to ensure a common, high level of security.

All are broken up into similar categories relating to clients, malware protection, access management, and responding to threats, among others, and within each of these categories are various security measures to ensure adequate cyber security.

Some of these standards are mandatory. Under the Danish minimum technical requirements, many measures became compulsory on January 1st, 2020, while the deadline for several others is July 1st, 2020.

Others are simply recommended by the government as the standards that should be met – or ideally, exceeded – in order to establish and maintain a safe IT system.

In the UK, the government-backed Cyber Essentials scheme enables organisations to gain one of two badges which identify them as having a high level of security and protection from cyber threats.

The UK’s Minimum Cyber Security Standard (MCSS), along with the Australian Strategies to Mitigate Cyber Security Incidents, is in place to help government departments and other organisations prepare for, respond to, and recover from cyber attacks.

Landing on Common Ground

Just as every travel suitcase contains the same essential items: deodorant, a good book and a cosy pair of pyjamas (okay, so the book and PJs aren’t 100% essential, but they will make your life a whole lot better), all of the schemes described above identify more or less the same minimum requirements and agree that these standards set the benchmark for cyber security.

Several of these technical requirements take more of the spotlight than others, being heavily mentioned across all four standards.

Such is the case for the following three:

  • Managing Administrator Privileges
  • Malware Protection
  • Logging Activity

These practices are frequently emphasised as being an essential and integral part of a safe IT system.

See the table below for excerpts from each government scheme that refer to these three common essentials:

Admin Rights

Denmark – Minimum Cyber Security Requirements:
Administrative rights for users are granted only for a limited time and with well-documented needs.
The majority of malware requires administrative rights on the PC to be installed. Therefore, to prevent the risk of malware spreading, users should not have administrative rights unless there is a proven business need.
Must be implemented by: July 1, 2020

United Kingdom – Cyber Essentials:
To minimise the potential damage that could be done if an account is misused or stolen, staff accounts should have just enough access to software, settings, online services and device connectivity functions for them to perform their role. Extra permissions should only be given to those who need them.
Administrative accounts: Check what privileges your accounts have - accounts with administrative privileges should only be used to perform administrative tasks. Standard accounts should be used for general work.
By ensuring that your staff don’t browse the web or check emails from an account with administrative privileges you cut down on the chance that an admin account will be compromised. This is important because an attacker with unauthorised access to an administrative account can be far more damaging than one accessing a standard user account.
Cyber Essentials Certification requires: That you control access to your data through user accounts, that administration privileges are only given to those that need them, and that what an administrator can do with those accounts is controlled.

United Kingdom – Minimum Cyber Security Standard (MCSS):
Identify: The need for users to access sensitive information or key operational services shall be understood and continually managed. Users shall be given the minimum access to sensitive information or key operational services necessary for their role.
Protect: Access to sensitive information and key operational services shall only be provided to identified, authenticated and authorised users of systems. Users and systems shall always be identified and authenticated prior to being provided access to information or services. Depending on the sensitivity of the information or criticality of the service, you may also need to authenticate and authorise the device being used for access.

Australia – Strategies to Mitigate Cyber Security Incidents:
Restrict administrative privileges to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Disable local administrator accounts … to prevent propagation using shared local administrator credentials.

Malware Protection

Denmark – Minimum Cyber Security Requirements:
Endpoint protection must be implemented against viruses, malware, etc. with automatic updating on all clients. The use of continuously updated endpoint protection ensures known viruses, malware, etc. cannot be run on the workstation. Most endpoint protection programs also check for abnormal application behaviour.

United Kingdom – Cyber Essentials:
How to defend against malware: Anti-malware measures … should be used on all computers and laptops. Whitelisting can also be used to prevent users installing and running applications that may contain malware. Sandboxing: where possible, use versions of the applications that support sandboxing.
Cyber Essentials Certification requires: That you implement at least one of the approaches listed above to defend against malware.

United Kingdom – Minimum Cyber Security Standard (MCSS):
Detect: Departments shall take steps to detect common cyberattacks. Any monitoring solution should evolve with the Department’s business and technology changes, as well as changes in threat. Attackers attempting to use common cyber-attack techniques should not be able to gain access to data or any control of technology services without being detected.

Australia – Strategies to Mitigate Cyber Security Incidents:
Non-persistent virtualised sandboxed environment, denying access to important (sensitive/high-availability) data, for risky activities (e.g. web browsing, and viewing untrusted Microsoft Office and PDF files).
Antivirus software using heuristics and reputation ratings to check a file’s prevalence and digital signature prior to execution. Use antivirus software from different vendors for gateways versus computers.
Antivirus software with up-to-date signatures to identify malware, from a vendor that rapidly adds signatures for new malware. Use antivirus software from different vendors for gateways versus computers.

Activity Logging

Denmark – Minimum Cyber Security Requirements:
Logging requirements. Log on all systems and services on network servers. Provides a prerequisite for the discovery and investigation of various security incidents.

United Kingdom – Cyber Essentials:
No logging excerpt is quoted for this scheme.

United Kingdom – Minimum Cyber Security Standard (MCSS):
Detect: Departments shall take steps to detect common cyberattacks. Any monitoring solution should evolve with the Department’s business and technology changes, as well as changes in threat. Attackers attempting to use common cyber-attack techniques should not be able to gain access to data or any control of technology services without being detected. Digital services that are attractive to cyber criminals for the purposes of fraud should implement transactional monitoring techniques from the outset.

Australia – Strategies to Mitigate Cyber Security Incidents:
Continuous incident detection and response with automated immediate analysis of centralised time-synchronised logs of allowed and denied computer events, authentication, file access and network activity.

Managing Administrator Privileges

- Organisations should implement POLP – The Principle of Least Privilege: users should only be granted the bare minimum privileges necessary to perform their function.
- Organisations should implement JIT – Just-in-Time elevation of privileges: users should only be granted administrator privileges when and where they need them, rather than holding standing access.
- Users should have to prove their need to use administrator rights before they are authorised to do so.
- Users that do need administrator privileges should be controlled and managed.

Malware Protection
- Anti-malware should run on all clients, and more than one engine or vendor should be used across the estate (for example, different vendors for gateways and for computers).
- Sandboxing environments should be used wherever possible.
- Whitelisting solutions should be used wherever possible.
- Anti-malware solutions should use a variety of prevention and detection techniques and should be updated regularly.

Logging Activity
- Logging should be used on all systems within the network.
- Logging should be able to detect any attack attempting to gain unauthorised access or control.
- Logging should capture activity such as approved or denied events, file access and network activity.
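As an added example (not code from the original post or from Admin By Request), the three summaries above can be turned into rule checks over an endpoint elevation log: every request must carry a documented reason, approved full-session elevations must stay inside a time cap (JIT), and denied requests must be kept and reviewed for escalation attempts rather than dropped. The log records, field names, `audit_elevations` function and policy thresholds are all assumptions made for this example; a real PAM or EDR product will have its own schema.

```python
"""Rule checks over a constructed endpoint elevation audit log.

Added example: the schema, field names and thresholds are assumptions,
not the format of any real product.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values for this example.
MAX_SESSION_MINUTES = 120          # JIT full-session elevations capped at 2 hours
DENIED_THRESHOLD = 3               # this many denials inside DENIED_WINDOW is flagged
DENIED_WINDOW = timedelta(hours=1)

# Constructed sample log (hypothetical schema): one record per elevation request.
SAMPLE_LOG = [
    {"ts": "2020-06-01T09:00:00", "user": "alice", "method": "run_as_admin",
     "app": "vpnclient-setup.exe", "reason": "VPN client upgrade, ticket 4412",
     "result": "approved"},
    {"ts": "2020-06-01T09:30:00", "user": "bob", "method": "full_session",
     "reason": "", "result": "approved", "duration_min": 60},
    {"ts": "2020-06-01T10:00:00", "user": "carol", "method": "full_session",
     "reason": "driver install", "result": "approved", "duration_min": 480},
    {"ts": "2020-06-01T11:00:00", "user": "dave", "method": "run_as_admin",
     "app": "unknown-tool.exe", "reason": "testing", "result": "denied"},
    {"ts": "2020-06-01T11:02:00", "user": "dave", "method": "run_as_admin",
     "app": "unknown-tool.exe", "reason": "testing", "result": "denied"},
    {"ts": "2020-06-01T11:05:00", "user": "dave", "method": "full_session",
     "reason": "need admin", "result": "denied"},
    {"ts": "2020-06-02T11:05:00", "user": "dave", "method": "full_session",
     "reason": "need admin", "result": "denied"},
]


def audit_elevations(events, max_session_minutes=MAX_SESSION_MINUTES,
                     denied_threshold=DENIED_THRESHOLD,
                     denied_window=DENIED_WINDOW):
    """Return a list of (rule, user, timestamp) findings, in log order."""
    findings = []
    denied_by_user = defaultdict(list)

    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        # Proof of need: every request must carry a documented reason.
        if not e.get("reason", "").strip():
            findings.append(("missing_reason", e["user"], e["ts"]))
        # JIT: an approved full session must not exceed the policy cap.
        if (e["result"] == "approved" and e["method"] == "full_session"
                and e.get("duration_min", 0) > max_session_minutes):
            findings.append(("session_too_long", e["user"], e["ts"]))
        # Denied events are retained: they are the escalation-attempt signal.
        if e["result"] == "denied":
            denied_by_user[e["user"]].append(ts)

    # Sliding window over each user's denials; flag a user at most once.
    for user, stamps in denied_by_user.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > denied_window:
                start += 1
            if end - start + 1 >= denied_threshold:
                findings.append(("repeated_denials", user,
                                 stamps[end].isoformat()))
                break
    return findings


if __name__ == "__main__":
    for rule, user, when in audit_elevations(SAMPLE_LOG):
        print(f"{when}  {rule:<18} {user}")
```

On the constructed log this flags bob (approved with no reason), carol (an eight-hour session against a two-hour cap) and dave (three denials within five minutes); dave's denial the next day falls outside the window and is not counted again. The thresholds are the part to tune against your own baseline before treating the output as alerts.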

How to Pack Efficiently and Effectively

Admin By Request is a Privileged Access Management (PAM) solution that packs all three of these essentials into one clean, compact, easy-to-carry (or deploy, in this case) bag.

Here’s a checklist of everything you get with Admin By Request to enable you to more easily meet the minimum cyber security requirements:

Admin By Request

Admin Rights

POLP – The Principle of Least Privilege
Admin By Request lets you revoke local admin rights and choose who gets what access, based on the needs of different users and groups of users. Access can range from very strict to lenient, depending on the settings and sub-settings configured within the software’s user portal.

JIT – Just-in-Time Elevation
Admin By Request implements Just-in-Time access, with the options to:

  • Run as Administrator – the user holds no privileged credentials, but can request and run a single application with administrative permissions, and
  • Request a Full Session elevation, which gives the user administrative privileges on their device for a set amount of time. When the time is up, so is the user’s ability to run processes as administrator.

Proof of Need
Admin By Request requires the user to provide a reason when they want to Run as Administrator, have a Full Session elevation, or gain admin access via a further elevation method: a one-time-use PIN provided directly by an IT admin.

Control and Management
Once deployed, Admin By Request allows for the management of thousands of end users through the online user portal, which contains easy-to-manage global settings and sub-settings and other management tools (described further on). As well as requiring Proof of Need, you can configure settings to require explicit approval before the user can gain administrator access.

Malware Protection

Multiple Anti-malware Solutions
Admin By Request has integrated Opswat’s MetaDefender Cloud, which uses over 30 anti-malware engines to prevent and detect cyber security threats. The malware detection rate of the MetaDefender Cloud is 99.02%.

Sandboxing Environment
Admin By Request secures software installs by supporting a sandbox environment. When users try to install software, Admin By Request intercepts the process and installs the software under a full audit trail, ensuring it is safe before any damage can be done or changes can be made to the machine.

Whitelisting
Pre-approval, Admin By Request’s whitelist solution, lets users run commonly-used applications that you know are safe without needing full local administrator rights on their system. This ensures productivity isn’t hampered and your users stay happy.

Up-to-Date Anti-malware That Uses a Range of Techniques
Opswat keeps its partners informed of the latest updates, so you stay protected with up-to-date anti-malware. The MetaDefender Cloud uses a variety of techniques to detect and prevent malware, including signature matching, heuristics and machine learning.

Activity Logging

Learning Mode
Admin By Request allows you to enable Learning Mode when you first deploy the software. Users continue to operate the way they always have, but everything they run as administrator is logged in the Learning Mode Collection. This lets you monitor activity and whitelist the necessary applications in advance, so that productivity isn’t hampered when it comes time to revoke admin privileges.

Auditlog
Every time a user requests administrator rights using one of the elevation methods, the activity that takes place during the resulting process or session is logged in the auditlog of the user portal. This allows you to monitor activity and detect potential foul play, such as an attempt at privilege escalation.

Real-time Requests
User requests for admin access are sent in real time to the Admin By Request user portal to be viewed and either approved or denied (if you have Require Approval switched on).

Mobile Application
As well as the web interface, Admin By Request provides a mobile app which lets you view the auditlog and view, approve or deny requests for admin access from any location.

Conclusion

There is a long list of critical items that are necessary for the smooth sailing of your business, but Admin By Request can help you gear up by packing a huge chunk of these essential requirements into one compact bag.

And to boot: any time you can show customers that you have these essential security measures in place within your organisation, they will be reassured and much more keen to embark on the journey with you - even if it is a virtual journey.

Interested in Admin By Request?

Feel free to reach out to us for a discussion on how we can help you.
