Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Read-only access for auditors

Posted on 2016-11-06
5
Medium Priority
?
143 Views
Last Modified: 2016-11-11
What's the industry practice on granting read-only access accounts to
auditors ?  Or generally request are sent to IT Ops who will extract it
& send to them?

I guess the lowest privilege account in Windows can still make changes
to the systems but for certain appliances (eg: proxy, AV EPO, IPS), any
risk of inadvertent changes being made?

I'm assuming the auditors are not trained (or semi-trained) in the specific
platforms / products only
What about UNIX Solaris & AIX?
0
Comment
Question by:sunhux
  • 2
  • 2
5 Comments
 

Author Comment

by:sunhux
ID: 41876262
Certainly there's a concern that auditor dig too much info which
creates unnecessary overheads
0
 
LVL 84

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 600 total points
ID: 41876339
Depends upon the audit and what you are being audited on. A licensing audit may ask for a tool to be run that enumerates the machines and compares the count of specific software against your purchase records.

A PKI audit may examine your policies and setup (which is why we use powershell scripting so we can just show them the script vice having them hover behind us while we type in commands) and you can show them logs that you are actually performing the policies.
0
 
LVL 65

Assisted Solution

by:btan
btan earned 1400 total points
ID: 41876632
I was thinking if we really need to even issued machine for auditor to access and view or we can have admin grab the required for their sighting of evidence. In other words, they do not have direct access.

By default, most of the "configuration" settings you want to view are only accessible at all to administrative users, who can also modify them. So to create a read-only user that can access everything, you're basically looking at modifying everything (file system, registry, application permissions) to add read-only access for a given user.

Have the auditors request information from the admins.  if necessary, auditors watch the admins retrieve the required information. Even an adhoc account or time based expiry restricted account still need certain privileged group membership, which most of the time is not comfortable with the auditee. There is need to manage the auditor as their role is to sight evidence to proof claim of compliance. The adequacy of control is separate matter to review the security report which can be sighted Offline based on sampling.
0
 

Author Comment

by:sunhux
ID: 41877186
Guess for Windows, you'll need administrative priv to view many items.

But for AV EPO (incl Deep Security) & Cisco switches/routers, you don't need
admin privilege to see most of the info.  Going to be quite a justification to
stop such a request for readonly account.

To me, an untrained person will keep asking lots of questions & this is
highly disruptive to work/normal operations
0
 
LVL 65

Accepted Solution

by:
btan earned 1400 total points
ID: 41877247
Yes for Windows, at least in those privileged group for authorised membership.

Yes for other non-Windows like the network device, there is not necessary for admin but they also have some level of access between user EXEC mode (level 1) and privileged EXEC mode (level 15). This is as per the principle of least privilege — only give access to what's necessary and no more. So in this case, it can be the case the command allow for auditor has the lowest level and they will not be able to run other privileged commands.  The command depends on what they ant to see which you can allow then.

No matter what auditor access if granted will still be logged. The log is to proof they are not doing more that they should be. There is no access to external storage and anything to be read is onsite for sighting and nothing brought out of premise unless approved.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Securing your business data in current era should be your biggest priority. Numerous people are unaware of the fact that insiders commit more than 60 percent of security breaches. You need to figure out the underlying cause and invoke your potential…
Your business may be under attack from a silent enemy that is hard to detect. It works stealthily in the shadows to access and exploit your critical business information, sensitive confidential data and intellectual property, for commercial gain. T…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question