Tuesday, May 05, 2009

Security is a Button Press Away

Sometimes I completely fail at picking an image for a post. This is not one of those times.
Seeing as how our big damn government audit (BDGA) is underway, I thought I'd take a moment to share a little bit about the methodology involved in looking at a computer and declaring it "horrible" or "adequate".
There is a giant building somewhere. I imagine it is gray with long vertical windows which are perpetually dark. Deep within this vault-like structure is a room with a couple of Windows XP workstations and possibly a Windows 2000 server with a database on it.
Tending to these machines is a small group of nerds. I use that term with affection. On some level, these are my people. On another level, they are only there day after day in the interest of getting a check. Come to think of it, they are my people on that level as well.
Their job is never-ending. Their responsibility is to develop a check for every existing security vulnerability and add that check to an executable program. This is stored on a "Gold Disk" which is distributed to companies with an interest in also getting checks from the government.
When this CD is inserted into a computer and run, it produces a complete listing of every security issue up until about a month ago. This disk is constantly updated.
When we are advised of new requirements in security, we analyze the systems and determine applicability, then schedule testing for the changes we think are necessary to bring us back into compliance.
This is a time-consuming process which involves interaction with our users. Thankfully, all user interaction is handled by a separate entity, the Testing Coordinator.
Anyway, one day a copy of this disk was given to Management.
He noticed that there was an additional button at the top of the main screen. "Remediate" the button read.
"Why aren't the security guys just hitting that button? Why do they even waste time with the 'scan' button at all? One-button remediation is the key to our compliance issues forever."
There is indeed a "remediate" button. And pressing that button will put in place on the affected machine every setting on the disk.
And so it was proclaimed that a script would be written to deliver the payload of the "remediate" button to a group of computers. It was not proclaimed to me, or I'd have giggled a lot while carrying out the directive.
The reason we don't use the "remediate" button... the reason no one uses it... is that it works too well. Every setting. Every security option. No exceptions. No exclusions.
The immediate effect is that user logons are disabled, since allowing people to log in to a computer is certainly a compromise of security.
Remote administration is disabled, since that, too, is an issue.
Permissions are set on the file system disallowing remote connections and locking out everyone but the local administrator. That account is automatically renamed to something else and the password is changed, also in the name of security.
A number of other settings take effect before the system is too locked down for the script to continue to run.
The end result, in this case, is that every computer touched by the "remediate" button script was instantly reduced to a decorative part of the infrastructure.
They all needed to be formatted and re-installed before they could be used again.
There is a button for "scan" and there is a button for "remediate". There is no button for "holy crap undo undo!"
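What the missing "undo" button would look like, as an added illustration that is not part of the original post: a toy remediation engine that keeps "scan" separate from "remediate", honours an exclusion list, snapshots every value it changes, and rolls all of them back the moment a setting would cut off the session applying the baseline. The setting names, the baseline and the "remote session" model are constructed for the example; they are not the real Gold Disk checks.

```python
# Constructed hardening baseline: setting -> required value. The order matters,
# because the post's script applied everything in sequence until it locked
# itself out. These names are illustrative, not the real Gold Disk settings.
BASELINE = {
    "interactive_logon_allowed": False,
    "remote_admin_enabled": False,
    "admin_account_renamed": True,
    "audit_logon_events": True,
}

def demo_system():
    """A constructed starting state that fails every check in BASELINE."""
    return {k: (not v) for k, v in BASELINE.items()}

class LockedOut(Exception):
    """Raised when a change would cut off the session applying the baseline."""

def scan(system, baseline=BASELINE):
    """Report findings without touching anything: setting -> (current, required)."""
    return {k: (system.get(k), v) for k, v in baseline.items() if system.get(k) != v}

def remediate(system, baseline=BASELINE, exclude=(), session="remote"):
    """Apply findings in place, skipping exclusions; on lockout, restore
    every value that was changed. Returns (succeeded, settings touched)."""
    snapshot = {}                                  # the "undo" the post lacks
    try:
        for key, (current, required) in scan(system, baseline).items():
            if key in exclude:
                continue
            snapshot[key] = current                # remember before changing
            system[key] = required
            # Simulated failure mode: a remote session loses its own foothold
            # the moment remote administration is switched off.
            if session == "remote" and key == "remote_admin_enabled":
                raise LockedOut(key)
    except LockedOut:
        system.update(snapshot)                    # roll back in one step
        return False, sorted(snapshot)
    return True, sorted(snapshot)

if __name__ == "__main__":
    s = demo_system()
    print("findings:", scan(s))
    print("remote remediate:", remediate(s), "-> state restored:", s == demo_system())
    print("with exclusions:", remediate(s, exclude=("interactive_logon_allowed",
                                                     "remote_admin_enabled")))
```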
Manually reviewing the security findings with the use of this disk is part of the job.
Using the "remediate" button on the computers of people who annoy me is just a bonus.