April 25, 2001, 1:27 PM — This has been a rough week. It all started when I decided that I needed to lock down administrative access to our production network. Unfortunately, all didn't go according to plan.
My company's hosted application lives on approximately 50 servers that reside in a data center on the other side of town. Our production environment is considered critical; therefore, administrative access to these machines must be strictly controlled.
However, prior to my arrival at the company, everyone from the remote sales offices to the corporate marketing department had direct administrative access to the production environment. This was unsatisfactory, as only about 25 employees need access to this environment. I had no doubt that unrestricted access would eventually lead to problems -- a very scary and potentially career-ending situation for any security manager.
I contemplated a variety of methods to control administrative access before settling on this one: I would funnel all administrative access to the production servers through a single point. That point would be the "gateway," a highly secured server that would reside on its own segregated network. I built two Unix servers and called them Gateway 1 and Gateway 2. Gateway 1 would be the primary server, while Gateway 2 would function as a spare. Then I locked the servers down, stripping them of unnecessary services such as Telnet, file transfer and e-mail.
Next I installed the Ace/Agent for SecurID token-based authentication from RSA Security Inc. in Bedford, Mass. SecurID tokens provide two-factor authentication. In other words, after users provide a valid user identification and password to a system, they must then input an additional level of authentication that consists of a personal identification number followed by the number displayed on the SecurID token. The displayed number changes every 60 seconds and is tied to a central server I've installed on a protected secure network, rightfully dubbed SecNet. In addition, I installed the latest commercially supported version of Secure Shell (SSH) for encrypted administration.
Then I installed a little freeware utility called Idled (pronounced idle-dee). Idled is really cool. One of my fears is that an administrator will get access to Gateway 1 and then leave for lunch or for the night without logging out of the system. If the user isn't using a password-protected screen saver, then it would be easy for someone, such as a cleaning person, contractor or disgruntled employee, to walk up to that person's desktop and access the production environment. Idled tracks idle sessions and times them out after a specified interval.
