5.5 Manage the identity and access provisioning lifecycle

  • Account access review (user, system service)
  • Provisioning and deprovisioning (on/off boarding and transfers)
  • Role definition (people assigned to new roles)
  • Privilege escalation (managed service accounts, use of sudo, minimizing its use)

Identity and Access Provisioning Lifecycle

How do we create, manage and delete accounts?  We must have a process and we must have a policy.

  • Provisioning – how do we create the accounts, and what privileges do we assign each one?  We must protect this function, or else unauthorized users can create accounts and give themselves access.

    • There must be a procedure to enroll a new account and establish factors to authenticate the user

    • The enrollment procedure must be proper.  We must confirm the legal identity of the user.  We might perform background checks and verify identification.

    • HR might place the request for the account after the user is hired

    • If there are many users, we might control access via groups.  Then we must make sure that the user is assigned to the correct groups.  A user is assigned to groups based on his role in the organization.

    • The user must agree to the acceptable use policy before being given the account

  • System Accounts – we may need to create accounts for specific system services or applications

    • An administrator’s approval should be required

    • The accounts should have only the specific privileges required by their application

    • We should create a separate account for each application.  Applications should not share accounts.

    • The accounts should be reviewed regularly.

  • Maintenance – can we verify that this user still requires all of the privileges assigned to the account, and take away the ones that are no longer required?

    • Creeping privileges – when the user account slowly accumulates privileges because new ones are given as job descriptions change, but older ones are not taken away

    • We can disable inactive accounts automatically

  • Revocation – we should disable the account when the user is terminated

    • We should disable the account before we tell the user – maybe during the exit interview, so that they cannot cause damage

    • We might not delete the account because we want to retain the data

    • We might set an automatic expiry date on the account for a short-term user
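The lifecycle above, as an added worked example that is not part of the original notes: a small Python model of a directory in which provisioning requires an approver and a signed acceptable use policy, groups are derived from the user's role, a transfer replaces the old role's groups instead of adding to them, and a periodic review flags creeping privileges, expires short-term accounts, and disables inactive ones rather than deleting them. The role-to-group map, the account names and the dates are constructed sample data.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample data: the groups each role legitimately needs.
ROLE_GROUPS: Dict[str, Set[str]] = {
    "developer": {"git-users", "dev-servers"},
    "payroll-clerk": {"hr-portal", "payroll-app"},
    "contractor": {"git-users"},
}


@dataclass
class Account:
    name: str
    role: str
    groups: Set[str] = field(default_factory=set)
    enabled: bool = True
    last_login: Optional[date] = None
    expires: Optional[date] = None  # set for short-term users


class Directory:
    """Toy account store that enforces the provisioning lifecycle steps."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}

    def provision(self, name: str, role: str, requested_by: str,
                  accepted_aup: bool, expires: Optional[date] = None) -> Account:
        # Enrollment preconditions: a request from HR/manager and a signed AUP.
        if not requested_by:
            raise PermissionError("account requests need a requester such as HR")
        if not accepted_aup:
            raise PermissionError("user must accept the acceptable use policy first")
        if role not in ROLE_GROUPS:
            raise ValueError(f"unknown role {role!r}")
        # Groups come from the role, not from ad-hoc decisions.
        acct = Account(name, role, set(ROLE_GROUPS[role]), expires=expires)
        self.accounts[name] = acct
        return acct

    def transfer(self, name: str, new_role: str) -> None:
        # On transfer the old role's groups are replaced, not accumulated.
        acct = self.accounts[name]
        acct.role = new_role
        acct.groups = set(ROLE_GROUPS[new_role])

    def grant_ad_hoc(self, name: str, group: str) -> None:
        # The kind of "just this once" grant that causes creeping privileges.
        self.accounts[name].groups.add(group)

    def revoke(self, name: str) -> None:
        # Disable instead of delete so the user's data is retained.
        self.accounts[name].enabled = False

    def review(self, today: date, inactive_days: int = 90) -> List[Tuple[str, str, str]]:
        """Periodic access review; returns (account, reason, detail) findings."""
        findings: List[Tuple[str, str, str]] = []
        for acct in self.accounts.values():
            if not acct.enabled:
                continue
            # Creeping privileges: anything beyond what the current role needs.
            excess = acct.groups - ROLE_GROUPS[acct.role]
            if excess:
                findings.append((acct.name, "creeping privileges", ",".join(sorted(excess))))
            if acct.expires is not None and acct.expires < today:
                acct.enabled = False
                findings.append((acct.name, "expired", acct.expires.isoformat()))
            elif acct.last_login is not None and (today - acct.last_login).days > inactive_days:
                acct.enabled = False
                findings.append((acct.name, "inactive", acct.last_login.isoformat()))
        return findings


def run_demo() -> Tuple[Directory, List[Tuple[str, str, str]]]:
    """Constructed scenario: one creeping account, one expired, one inactive."""
    today = date(2024, 6, 1)
    d = Directory()
    alice = d.provision("alice", "developer", requested_by="hr", accepted_aup=True)
    alice.last_login = date(2024, 5, 30)
    d.grant_ad_hoc("alice", "payroll-app")  # covered for a colleague; never removed
    bob = d.provision("bob", "contractor", "hr", True, expires=date(2024, 5, 15))
    bob.last_login = date(2024, 5, 10)
    carol = d.provision("carol", "payroll-clerk", "hr", True)
    carol.last_login = date(2024, 1, 1)
    return d, d.review(today)


if __name__ == "__main__":
    _, findings = run_demo()
    for name, reason, detail in findings:
        print(f"{name}: {reason} ({detail})")
```

The review deliberately compares an account's groups against its current role rather than against what it had last quarter: that is what turns "has this changed?" into "is this still needed?", which is the question the maintenance step asks.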

sudo is a UNIX command that allows a normal user to execute a privileged command as if they were the root user.  The problems with sudo:

  • People run commands with sudo when they don’t need to.  Many commands do not need to run in privileged mode.  Running a command as root exposes the system to risk if that command has bugs, because nothing limits the damage it can do.

  • After you authenticate to sudo once, it caches your credentials for 15 minutes.  During this window, further sudo commands, including dangerous ones, run without asking for your password again.
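As an added example (not from the original notes), a small Python audit of a sudoers file that checks the two points above from the defender's side: rules that grant ALL commands (especially with NOPASSWD) instead of the specific commands a role needs, and a timestamp_timeout that leaves the cached-credential window at or above the 15-minute figure rather than shortening it. The sudoers content is a constructed sample; the rule format (`who host=(runas) [TAG:] commands` and `Defaults timestamp_timeout=N`) is real sudoers syntax, but the parser handles only these common shapes and reports anything else for manual review.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample sudoers content; not taken from any real system.
SAMPLE_SUDOERS = """\
# constructed example
Defaults    timestamp_timeout=15
Defaults    logfile=/var/log/sudo.log
root        ALL=(ALL:ALL) ALL
alice       ALL=(ALL) ALL
%backup     ALL=(root) NOPASSWD: /usr/bin/rsync
bob         ALL=(ALL) NOPASSWD: ALL
%dba        ALL=(postgres) /usr/bin/psql, /usr/bin/pg_dump
"""


@dataclass
class Finding:
    line_no: int   # 0 means the finding applies to the file as a whole
    subject: str   # user, %group, or "Defaults"
    issue: str


# who  host = (runas) rest   -- runas is optional; rest holds tags and commands
RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*(?P<rest>.+)$"
)


def _split_tags(rest: str):
    """Peel leading tags such as NOPASSWD: or SETENV: off the command list."""
    tags: List[str] = []
    cmds = rest.strip()
    while ":" in cmds:
        head, _, tail = cmds.partition(":")
        head = head.strip()
        if head.isalpha() and head.isupper():
            tags.append(head)
            cmds = tail.strip()
        else:
            break
    return tags, [c.strip() for c in cmds.split(",")]


def audit_sudoers(text: str, max_timeout_minutes: int = 5) -> List[Finding]:
    """Flag over-broad rules and an overly long credential cache."""
    findings: List[Finding] = []
    timeout: Optional[int] = None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("Defaults"):
            m = re.search(r"timestamp_timeout\s*=\s*(-?\d+)", line)
            if m:
                timeout = int(m.group(1))
            continue
        m = RULE_RE.match(line)
        if not m:
            findings.append(Finding(line_no, line, "unparsed line; review manually"))
            continue
        who = m.group("who")
        if who == "root":
            continue  # root already has everything; nothing to minimise here
        tags, commands = _split_tags(m.group("rest"))
        if "ALL" in commands:
            findings.append(Finding(
                line_no, who,
                "grants ALL commands; list the specific commands this role needs"))
            if "NOPASSWD" in tags:
                findings.append(Finding(
                    line_no, who,
                    "NOPASSWD with ALL: unrestricted root without re-authentication"))
    if timeout is None:
        findings.append(Finding(
            0, "Defaults",
            "timestamp_timeout not set; the compiled-in cache window applies"))
    elif timeout < 0 or timeout > max_timeout_minutes:
        findings.append(Finding(
            0, "Defaults",
            f"timestamp_timeout={timeout} exceeds {max_timeout_minutes} minutes; "
            "lower it, or set 0 to require a password for every sudo command"))
    return findings


if __name__ == "__main__":
    for f in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {f.line_no}: {f.subject}: {f.issue}")
```

In the sample, the backup group and the DBA group pass because their rules name the exact commands they run; alice and bob are flagged for ALL, bob twice because NOPASSWD removes even the re-authentication step, and the 15-minute timeout is reported so it can be shortened. On a real host the file is edited with visudo, which validates the syntax before saving.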