Solved

Read-only access for auditors

Posted on 2016-11-06
Last Modified: 2016-11-11
What's the industry practice on granting read-only access accounts to
auditors? Or generally, are requests sent to IT Ops, who will extract it
& send it to them?

I guess the lowest-privilege account in Windows can still make changes
to the systems, but for certain appliances (e.g. proxy, AV EPO, IPS), is there
any risk of inadvertent changes being made?

I'm assuming the auditors are not trained (or only semi-trained) in the specific
platforms / products.
What about UNIX Solaris & AIX?
Question by:sunhux

5 Comments

Author Comment

by:sunhux
ID: 41876262
Certainly there's a concern that auditors dig up too much info, which
creates unnecessary overheads.

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 150 total points
ID: 41876339
Depends upon the audit and what you are being audited on. A licensing audit may ask for a tool to be run that enumerates the machines and compares the count of specific software against your purchase records.

A PKI audit may examine your policies and setup (which is why we use PowerShell scripting, so we can just show them the script rather than having them hover behind us while we type in commands), and you can show them logs that you are actually performing the policies.

Assisted Solution

by:btan
btan earned 350 total points
ID: 41876632
I was thinking whether we really need to even issue a machine for the auditor to access and view, or whether we can have an admin grab what is required for their sighting of evidence. In other words, they do not have direct access.

By default, most of the "configuration" settings you want to view are only accessible at all to administrative users, who can also modify them. So to create a read-only user that can access everything, you're basically looking at modifying everything (file system, registry, application permissions) to add read-only access for a given user.

Have the auditors request information from the admins. If necessary, auditors watch the admins retrieve the required information. Even an ad hoc account or a time-based-expiry restricted account still needs certain privileged group membership, which most of the time the auditee is not comfortable with. There is a need to manage the auditor, as their role is to sight evidence to prove claims of compliance. The adequacy of control is a separate matter, to review in the security report, which can be sighted offline based on sampling.
Author Comment

by:sunhux
ID: 41877186
Guess for Windows, you'll need administrative privilege to view many items.

But for AV EPO (incl. Deep Security) & Cisco switches/routers, you don't need
admin privilege to see most of the info. It's going to be quite a justification to
stop such a request for a read-only account.

To me, an untrained person will keep asking lots of questions & this is
highly disruptive to work/normal operations.

Accepted Solution

by:btan
btan earned 350 total points
ID: 41877247
Yes for Windows, at least for those in the privileged group with authorised membership.

Yes for other non-Windows systems like the network devices, there is no need for admin, but they also have some level of access between user EXEC mode (level 1) and privileged EXEC mode (level 15). This is as per the principle of least privilege — only give access to what's necessary and no more. So in this case, it can be the case that the commands allowed for the auditor have the lowest level and they will not be able to run other privileged commands. The commands depend on what they want to see, which you can then allow.

No matter what, auditor access, if granted, will still be logged. The log is to prove they are not doing more than they should be. There is no access to external storage, and anything to be read is onsite for sighting, and nothing is brought out of the premises unless approved.
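An added configuration example, not from any poster in this thread, of the least-privilege read-only access described in the accepted solution for a Cisco IOS device: a custom privilege level between user EXEC (1) and privileged EXEC (15) that only permits specific show commands, a local auditor account that lands at that level, and command accounting so everything the auditor runs is logged. The account name, the level number, the placeholder secret and the TACACS+ server group are assumptions.

```cisco
! Added example (assumed names/values): read-only auditor role on Cisco IOS.
! Custom privilege level 5 sits between user EXEC (1) and privileged EXEC (15).
! Only the "show" commands listed here are moved down to level 5; everything
! else keeps its default level, so configure mode stays out of reach.
privilege exec level 5 show running-config
privilege exec level 5 show startup-config
privilege exec level 5 show ip route
privilege exec level 5 show ip interface brief
privilege exec level 5 show interfaces
privilege exec level 5 show access-lists
privilege exec level 5 show logging
privilege exec level 5 show version
!
! Caveat: below level 15, "show running-config" only displays the commands the
! level itself may configure (very little here), so a full configuration review
! is better handled by the admin exporting the config and sighting it with the
! auditor, as suggested earlier in the thread.
!
! Local auditor account that lands directly at level 5 after login.
! AUDITOR_PASSWORD_PLACEHOLDER is a placeholder, not a real secret.
username auditor privilege 5 secret AUDITOR_PASSWORD_PLACEHOLDER
!
! Authenticate against the local database and apply the account's privilege
! level on EXEC start.
aaa new-model
aaa authentication login default local
aaa authorization exec default local
!
! Log every command issued at level 5 (auditor) and level 15 (admins) to a
! TACACS+ server group; "start-stop" records each command before and after it runs.
aaa accounting commands 5 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! Keep a local record of configuration changes too, with secrets masked, so the
! log can show that the auditor account made none.
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
!
! Management access over SSH only; the vty lines use the default AAA methods.
line vty 0 4
 transport input ssh
```

Without the enable secret the auditor cannot move above level 5, and any attempt to do so is itself recorded by the command accounting above.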