Effective protection against unauthorized network access or use of information requires strong control over user identities, access, and information use.
User Access Control policies and practices are critical to impeding an insider's ability to use the organization's systems for illicit purposes. IT departments must ensure that each user in their organization can only log in according to the pre-authorization that has been granted.
Unfortunately, this is usually not the case.
Regulatory Compliance: A Key Driver for Change
The lack of some fundamental access session controls in native Windows Active Directory leaves IT professionals with no choice but to look at appropriate third-party solutions to help secure systems, protect corporate data and comply with major industry regulations, including NIST 800-53, PCI, HIPAA, Sarbanes-Oxley, NISPOM Chapter 8, ICD 503…
Capabilities that native Windows Active Directory cannot provide, but which should be in place, include simple limitations such as prohibiting concurrent logins (two sessions on a single user ID at the same time), setting rules and restrictions around when and how users access the network, and alerting on inappropriate file access rather than simply logging an incident.
With BYOD quickly becoming the rule rather than the exception, native functionality does not provide adequate means to secure user access from personal devices. IT needs to track, record and automatically block inappropriate access across all session types, including Wi-Fi/VPN and IIS.
What's more, Active Directory does not provide a workable solution for monitoring network access activity in real time, nor does it offer suitable access and login intelligence.
Additional access control protections are needed to prevent security breaches that stem from compromised or stolen accounts, and to protect a network from both malicious and careless users.
Add Security Layers to a Windows Server Network Password
Additional context-aware authentication (location, IP address, time of day, number of simultaneous sessions) helps an organization to effectively manage and control network access for all its employees.
This control must also apply to an organization’s contractors, subcontractors, partners, vendors and other extended enterprise accounts that have access to the organization’s network.
An appropriate User Access Control Policy should include:
Different login limitations should be set so that every user in the organisation has sufficient access rights to perform their tasks fully, but no more.
Granular login restrictions must take into account both the session type (workstation, terminal, Internet Information Services, Wi-Fi/RADIUS or VPN/RAS) and the scope at which they apply (per user, per user group or per Active Directory Organisational Unit), so that together they form a comprehensive matrix of access rules.
Concurrent logins (same ID, same password) should be banned, or strictly limited to specific situations. Allowing simultaneous sessions widens the attack surface of a network: a rogue user can use valid credentials at the same time as their legitimate owner, and nothing in the login itself looks abnormal.
Logins from multiple systems should also be limited, and users should be restricted to connecting to the network only from their own workstation/device or from a predetermined set of workstations (e.g. those in their department, their floor, their building, etc.).
Time is another critical factor in information security. The average user should be able to log in only during business hours, with exceptions handled and controlled with care.
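The policy elements above (session type, per-user/group/OU scope, concurrent session limits, permitted workstations and permitted hours) together form a rule matrix that can be evaluated for every login attempt. The following is an added illustration of such an evaluator; it is not UserLock's or IS Decisions' code, and the rule shape, user names, group and OU names, hostnames and timestamps are all constructed for the example. Rule precedence (per-user, then per-group, then per-OU) and the default-deny outcome when no rule matches are design choices of this example, not something the text prescribes.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class LoginRule:
    """One row of the access matrix (hypothetical rule shape for this example)."""
    scope: str                          # "user", "group" or "ou"
    name: str                           # account, group or OU the rule targets
    session_types: Set[str]             # subset of {"workstation","terminal","iis","wifi","vpn"}
    allowed_hosts: Optional[Set[str]]   # None means any host
    max_concurrent: int                 # 1 = concurrent logins prohibited
    hours: Optional[Tuple[time, time]]  # permitted window (start, end); None = any time


@dataclass
class LoginAttempt:
    user: str
    groups: Set[str]
    ou: str
    session_type: str
    host: str
    when: datetime


class AccessPolicy:
    def __init__(self, rules: List[LoginRule]):
        self.rules = rules
        # Live session table: user -> [(session_type, host)], needed for concurrency limits.
        self.active: Dict[str, List[Tuple[str, str]]] = {}

    def _rule_for(self, a: LoginAttempt) -> Optional[LoginRule]:
        # Most specific scope wins: per-user, then per-group, then per-OU.
        for scope in ("user", "group", "ou"):
            for r in self.rules:
                if r.scope != scope:
                    continue
                if (scope == "user" and r.name == a.user) or \
                   (scope == "group" and r.name in a.groups) or \
                   (scope == "ou" and r.name == a.ou):
                    return r
        return None

    def evaluate(self, a: LoginAttempt) -> Tuple[bool, str]:
        """Return (allowed, reason). Every denial names the policy element that fired."""
        r = self._rule_for(a)
        if r is None:
            return False, "no matching rule (default deny)"
        if a.session_type not in r.session_types:
            return False, f"session type '{a.session_type}' not permitted"
        if r.allowed_hosts is not None and a.host not in r.allowed_hosts:
            return False, f"host '{a.host}' not in permitted set"
        if r.hours is not None and not (r.hours[0] <= a.when.time() < r.hours[1]):
            return False, "outside permitted hours"
        if len(self.active.get(a.user, [])) >= r.max_concurrent:
            return False, f"concurrent session limit ({r.max_concurrent}) reached"
        return True, "allowed"

    def open_session(self, a: LoginAttempt) -> Tuple[bool, str]:
        ok, why = self.evaluate(a)
        if ok:
            self.active.setdefault(a.user, []).append((a.session_type, a.host))
        return ok, why

    def close_session(self, user: str, host: str) -> None:
        # Logoff frees the slot counted against max_concurrent.
        self.active[user] = [s for s in self.active.get(user, []) if s[1] != host]


def demo() -> List[str]:
    """Run a constructed sequence of logins through the matrix and return the decisions."""
    policy = AccessPolicy([
        # Admin group: more session types, two sessions, no time window.
        LoginRule("group", "IT-Admins", {"workstation", "terminal", "vpn"}, None, 2, None),
        # Finance OU: workstation only, two named hosts, single session, business hours.
        LoginRule("ou", "Finance", {"workstation"}, {"FIN-WS01", "FIN-WS02"}, 1,
                  (time(8, 0), time(18, 0))),
    ])

    def at(h: int, m: int) -> datetime:       # constructed timestamps on one day
        return datetime(2024, 3, 4, h, m)

    attempts = [
        LoginAttempt("bob", set(), "Finance", "workstation", "FIN-WS01", at(9, 30)),
        LoginAttempt("bob", set(), "Finance", "workstation", "FIN-WS02", at(9, 35)),  # 2nd session
        LoginAttempt("bob", set(), "Finance", "vpn", "HOME-PC", at(9, 40)),           # wrong type
        LoginAttempt("carol", set(), "Finance", "workstation", "FIN-WS03", at(10, 0)),  # unlisted host
        LoginAttempt("carol", set(), "Finance", "workstation", "FIN-WS02", at(22, 0)),  # after hours
        LoginAttempt("dave", {"IT-Admins"}, "IT", "vpn", "LAPTOP-DAVE", at(22, 0)),
        LoginAttempt("dave", {"IT-Admins"}, "IT", "terminal", "SRV-01", at(22, 5)),
        LoginAttempt("dave", {"IT-Admins"}, "IT", "workstation", "IT-WS01", at(22, 10)),  # 3rd session
        LoginAttempt("eve", set(), "Contractors", "workstation", "CT-WS01", at(11, 0)),  # no rule
    ]
    results = [policy.open_session(a)[1] for a in attempts]
    # bob logs off FIN-WS01; with the slot freed, a login on FIN-WS02 is now allowed.
    policy.close_session("bob", "FIN-WS01")
    results.append(policy.open_session(
        LoginAttempt("bob", set(), "Finance", "workstation", "FIN-WS02", at(9, 50)))[1])
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The checks are ordered so that the cheapest, most static attributes (session type, host, time window) are tested before the stateful concurrency check, and each denial reason identifies the rule element that fired, which is what an alerting or reporting layer would want to log rather than a bare "access denied".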
Conclusion
Context-aware authentication software like UserLock helps set and enforce a User Access Control Policy that secures network access for all authenticated users and prevents security breaches from the insider threat.