Symptoms of Broken Authentication & How to Prevent it?
If you're sick, you can choose to treat the disease... or do nothing. But What if you don’t know you’re sick??
When you’re sick, you can choose to:
Treat the ailment
Ignore it and hope it goes away.
What if you don’t know you’re sick??
In this guide, I will help illustrate some common symptoms in the security world.
As I’m writing this, I think this list can be pretty long, so I’m just going to focus on one for now, feel free to comment with other symptoms of diseases you’ve see in the field!
The point though, as with everything in this publication, is to create awareness. Hopefully that awareness will lead to action and better security in your world.
Symptoms of Broken Authentication
Common symptoms of broken authentication at an organization are:
Users are sharing accounts
Passwords stored in spreadsheets, w/defaults everywhere
People no longer with company with access to production resources
Too many admins or super-users
People regularly logging in as root
Secondary Symptoms Of Broken Authentication
If untreated, broken authentication can cause additional harm or risk to the system, including but not limited to:
Loss of customer or company data
Lack of accountability of actions
Misconfiguration of resources by untrained people
Note: Secondary Symptoms may be visible or invisible to the naked eye and may take months or years to detect. Consult with your security operations person for more.
If you are experiencing 1 more of these symptoms, you can take some over the counter medicine.
If you are experiencing 4 or more symptoms, please seek professional help.
Prevention or Remedies To Broken Authentication
Broken Authentication is a preventable disease. There are multiple remedies available today that range from process improvement, training, and 3rd party solutions. Consult with your leadership team on what’s best for you.
Create roles at your organization based on the least privilege model
Create user accounts for all individuals
Create service accounts
Get a password manager
Add checks and balances to your offboarding
Conduct access reviews
Get a single sign on solution
Uncovering security issues in an organization, or any problem for that matter, is the first step towards a solution. However, if you don’t know what the problem is, or the scope of it, then how can you fix it.
If you decide to not fix it, well it’s on you and that’s ok, as long as you’re making an informed decision and appropriate stakeholders know about your decision.
Thanks to the Mayo Clinic and the CDC for inspiration!
Thanks for reading Last Week As A vCISO! Subscribe for free to receive new posts and support my work.