Commenting on reports that the hacker group UGNazi gained access to the billing database of WHMCS – a billing service company used by a number of firms – Lieberman Software says that privilege account management could have significantly reduced the risk that this type of incursion would occur.
The core element of this hack was social engineering, and the core element that needed addressing was the automation of identity verification. The hack points out that automated solutions are generally superior to human based solutions in that they cannot be social engineered (they can’t be told a story). If anything should be behind an automated and secured control, it would be the privileged account management so that this level of access would be not be granted without extensive verification and such access would be granted for a limited period of time and with limited scope.
According to Philip Lieberman, president of the privileged identity management specialist, whilst the hackers used social engineering techniques to persuade WHMCS’ hosting firm to reveal the admin account details – allowing the hacker group to leak around 500,000 records online – privileged account management could have prevented remote access to the account.
“Privileged identity management is all about reducing the risk profile of an organisation’s accounts through a process of only allocating those access functions to a given account that are actually needed. Allied security functions include limiting which IP addresses or workstations can access the small number of admin accounts that have the highest privileges,” he said.
“Put simply this means that high privilege admin accounts are only accessible from specified workstations within a company’s network resource. Had this technology been in place on the hosting company’s computers, then the hackers would have been disappointed, even if they had gained access to the admin account’s credentials,” he added.
The Lieberman Software present went on to say that this security feature is known as administrator access control and is just one facet of an efficient privileged identity management platform, which has other security features such as enterprise password management to further reduce the risk profile of a given enterprise IT system.
You also, he says, have to question why the hosting company did not have a privileged identity management system in place, given the fact that they presumably had a lot of clients.
One of Lieberman’s own clients - Carnegie Mellon University in the US, which has 4,000 staff, 11,000 students and 84,000 former students on its systems – uses managed privileged account technology in order to continuously discover, update and securely store all privileged passwords on the network.
In their privileged identity management system (http://bit.ly/bzrNSm) the problem is dealing with a lot of users and a constantly changing password/access regime that needs a lot of administration, he notes.
By automating the account security process, he explained, the University can get on with its main activities, without worrying about a possible incursion of its systems by hackers – even though they have several tens of thousands of user accounts on their computing platform.
“This is what privileged identity management is all about – the merging of multiple security mechanisms and policies under one smooth-running and automated system. This all helps to reduce the risk profile of the IT systems, as well as enhance the level of security generally,” he said.
“The net result of this security failure by the billing firm’s hosting company means that the reputation of the firm has taken a hit – and may even result in legal action. And all for the want of a good privileged identity management system,” he added.
For more on Lieberman Software: http://www.liebsoft.com
For more on the UGNazi database hack: http://onforb.es/KfflVi
ENDS (500 words)