A natural conflict often arises between system administrators and the security team.
Sysadmins like building new stuff and the security team sees another hole. The security team likes rapid patching, but sysadmins worry about insufficient testing. Sysadmins don’t like long complicated passwords, but the security team knows how effective rainbow tables and dictionary attacks can be.
The list is long.
So how can you make a sysadmin happy today? Despite the conflicting priorities, look a little deeper and you’ll find plenty of shared goals.
Here are a few areas you may be able to help and next time you need something urgent from a sysadmin, you might find the favour’s returned.
Help retire something
Most organisations have some old system which everyone’s scared to turn off. Either they don’t know exactly what it’s doing or a handful of users need it for some obscure function.
Sysadmins hate these things. They’re generally running on old hardware with old operating systems. Modern system management tools don’t work with them. Keeping them ticking over is error prone and long winded. They’re also nearly always poorly patched and built to outdated security standards. Great fodder for an attacker.
Turning off a machine and wiping the discs is pretty effective risk mitigation. A conversation with the right people about the risks might be all that’s needed to send it off to the scrapyard and make a sysadmin’s day.
Read a few stories of system compromise and a common theme emerges. The first alarm bell is very often an alert sysadmin spotting something “unusual” on a server.
It may be a network utilisation warning on an interface, or a usually-quiet server seeing a lot of activity. Sysadmins develop a pretty intricate knowledge of their systems and have a keen eye for deviations from the norm.
But all this is only possible if they’ve got the right tools. And of course the board is far more interested in the new website than the neglected monitoring system.
This leaves sysadmins fighting for budget and time to maintain the eyes and ears of their operation. A little help securing some funds, a hardware donation or some manpower could go a long way towards helping them help you.
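The "usually-quiet server seeing a lot of activity" is the kind of deviation a monitoring system can flag automatically once it has a per-host baseline. The script below is an added example, not code from the original article or from any product it mentions; the host names and traffic figures are constructed sample data, and the scoring uses the median absolute deviation (MAD) rather than the standard deviation so that one past spike does not hide the next one.

```python
"""Flag hosts whose current network throughput deviates sharply from their own
baseline. Added example with constructed data, not a real monitoring feed."""
from statistics import median

# Constructed baseline: bytes per minute observed over recent hours, per host.
BASELINE = {
    "web01":    [520_000, 480_000, 610_000, 550_000, 590_000, 470_000, 530_000, 560_000],
    "backup02": [12_000, 9_000, 15_000, 11_000, 10_000, 13_000, 8_000, 12_000],
    "db03":     [200_000, 210_000, 190_000, 205_000, 198_000, 215_000, 202_000, 207_000],
}

# Constructed "current" observations: one minute of traffic per host.
CURRENT = {"web01": 640_000, "backup02": 180_000, "db03": 203_000}


def mad_score(samples, value):
    """Robust deviation score: (value - median) / MAD.

    MAD (median absolute deviation) is used instead of the standard deviation
    so a single historical spike does not inflate the baseline. A floor of 5%
    of the median (or 1 byte) prevents division by zero on very stable hosts.
    """
    med = median(samples)
    mad = median(abs(s - med) for s in samples)
    scale = max(mad, 0.05 * med, 1.0)
    return (value - med) / scale


def find_deviations(baseline, current, threshold=5.0):
    """Return {host: score} for hosts whose current value is far above their
    own baseline. Hosts with too little history are skipped rather than
    guessed at."""
    alerts = {}
    for host, value in current.items():
        history = baseline.get(host, [])
        if len(history) < 3:
            continue
        score = mad_score(history, value)
        if score > threshold:
            alerts[host] = round(score, 1)
    return alerts


if __name__ == "__main__":
    # web01 is busy but within its norm; backup02 is normally quiet and is
    # suddenly moving ~15x its usual traffic, which is the case worth a look.
    for host, score in find_deviations(BASELINE, CURRENT).items():
        print(f"ALERT {host}: {score}x above normal spread")
```

The point of the per-host baseline is that 640 kB/min is unremarkable for the web server but 180 kB/min would be for the backup host; a single fleet-wide threshold would miss exactly the deviation an alert sysadmin notices.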
Improve your asset database
Closely related to monitoring, you may find that the best asset database in the company isn’t the expensive one that came with your finance system. It may track hardware well but does it really tell you where your important information assets are?
If it doesn’t, take a look at the monitoring system. It’ll likely be maintained because it will – by design – make a lot of noise if a sysadmin forgets to update it before moving or retiring a system.
It may also give you an idea of system importance. This usually isn’t too far away from the security importance of a system.
Finally, if you’re lucky, it’ll track which systems belong to which applications. This is all the kind of data that is critical to prioritising the security events coming from your systems.
Unfortunately, no asset database is ever kept up-to-date without a lot of hard work. A joint effort to maintain and improve it could be of benefit to everyone.
Well-maintained systems are secure systems. Good configuration management tools with broad coverage are essential for security operations.
It may not be possible to patch a vulnerability immediately but if it’s an unused feature, then a simple change might just be able to turn it off instead. The bad guys don’t spot and exploit holes manually – they have powerful tools.
If you’re fixing holes on a per-machine basis then you’ve not got a chance. Likewise, if you need to prove to an auditor that you’ve implemented a policy, he’ll be far more assured if you’ve got the tools to enforce and prove it.
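What "tools to enforce and prove it" looks like in practice is a policy written down as data, checked against what the configuration management system reports for every host, with the output usable as audit evidence. The script below is an added example, not from the original article; the policy rules, setting names and host snapshot are hypothetical, constructed to show the shape of the check rather than any real product's format.

```python
"""Audit a fleet's reported configuration against a small written policy and
produce auditor-facing findings plus a remediation list. Added example with
constructed, hypothetical data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    key: str          # configuration key the rule applies to
    expected: object  # value the policy requires
    reason: str       # why the rule exists; this is what an auditor reads


# Hypothetical policy: unused features off, remote admin on a current protocol,
# and automatic security updates on.
POLICY = [
    Rule("telnet_enabled", False, "telnet is unused and sends credentials in clear"),
    Rule("ssh_protocol", 2, "SSH protocol 1 has known weaknesses"),
    Rule("auto_patch", True, "hosts must take security updates automatically"),
]

# Constructed snapshot of what the configuration management tool reports.
# db03 does not report auto_patch at all, which is a common real-world gap.
FLEET = {
    "web01":    {"telnet_enabled": False, "ssh_protocol": 2, "auto_patch": True},
    "legacy07": {"telnet_enabled": True,  "ssh_protocol": 1, "auto_patch": False},
    "db03":     {"telnet_enabled": False, "ssh_protocol": 2},
}


def audit(fleet, policy):
    """Return {host: [finding, ...]}; an empty list means compliant.

    A key the host does not report is recorded as a finding too: unknown
    state is not evidence of compliance, and an auditor will treat it the
    same way.
    """
    findings = {}
    for host, settings in fleet.items():
        host_findings = []
        for rule in policy:
            if rule.key not in settings:
                host_findings.append(f"{rule.key}: not reported ({rule.reason})")
            elif settings[rule.key] != rule.expected:
                host_findings.append(
                    f"{rule.key}: is {settings[rule.key]!r}, "
                    f"policy requires {rule.expected!r} ({rule.reason})"
                )
        findings[host] = host_findings
    return findings


def summary(findings):
    """Counts that go at the top of the evidence pack."""
    noncompliant = sum(1 for f in findings.values() if f)
    return {"compliant": len(findings) - noncompliant, "noncompliant": noncompliant}


def remediation_plan(findings, policy):
    """(host, key, expected) triples: the changes a config management tool
    would push to bring every host back to policy."""
    by_key = {rule.key: rule.expected for rule in policy}
    plan = []
    for host, host_findings in sorted(findings.items()):
        for finding in host_findings:
            key = finding.split(":", 1)[0]
            plan.append((host, key, by_key[key]))
    return plan


if __name__ == "__main__":
    result = audit(FLEET, POLICY)
    print(summary(result))
    for host, host_findings in result.items():
        status = "OK" if not host_findings else "FAIL"
        print(f"{status} {host}")
        for finding in host_findings:
            print(f"    {finding}")
    print("remediation:", remediation_plan(result, POLICY))
```

Run against the constructed snapshot this reports one compliant host and two that are not, and the remediation list is exactly the set of settings the tool would enforce; rerunning the same audit afterwards is the proof the auditor is asking for.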
You’ll probably spot a common theme to all the above.
A well-functioning IT department which invests appropriately in internal and unsexy management systems is far better placed to defend itself against attack.
If you’ve got some slack in your security project, rather than spending on the latest and greatest over-hyped technology, it may well be better spent helping your sysadmins keep the house in order.