Avecto says DreamHost hack - and subsequent mass password reset – could have been avoided
January 2012 by Avecto
Commenting on reports that DreamHost, the US West Coast-based hosting provider, has reset all of its many users passwords in the wake of a hacker incursion into its systems, Avecto says the hack could probably have been prevented through the effective management of end user privileges.
According to Paul Kenyon, Chief Operating Officer with the Windows privilege management specialist, by controlling exactly who has access to specific applications on the hosting provider’s servers, the company would have helped prevent hackers from even starting to compromise the member’s credentials as they appear to have done.
“We know that DreamHost’s shared and dedicated hosting network consists of a series of Web servers and that the controlling software is a customised application that was developed in-house. If the developers had integrated privilege management software into their customised applications from the ground up, then the user’s credentials would not have been accessible from the public Internet,” he said.
“Privilege management software is all about empowering users to do their job. By effectively managing access to the software to specific users, and specific terminals, even if the hackers gained access to the IT staff credentials, they could then only access the relevant software from within the corporate network,” he added.
Putting it simply, the Avecto COO went on to say, this form of software security means that the IT admin credentials would only work from nominated terminals within DreamHost’s network. Hackers coming from outside the network – and on the Internet – would have been blocked.
This policy driven privilege management approach, he explained, means that where there is least privilege there is least risk.
As we said late last year when we identified that the financial sector is ahead of the curve when it comes to security, cybercriminals are now focusing their attacks as they attempt to further monetise their malware programs, he noted.
Our observations, says Kenyon, suggest that there is a significant security threat associated with excessive user rights and that no amount of user auditing and log files can solve this problem.
“It is therefore essential that IT security professionals should not compromise their security for the sake of delivering functionality. Privilege creep is a common problem that a growing number of security professionals are aware of - and have acted upon to help mitigate the risk,” he said.
“That said, many sectors of the IT industry are still catching up, leaving their systems exposed to the dangers of admin right abuse. We know that many professionals are continuously struggling to control unsecure third party programs - such as browsers, games, animations and password crackers - that are able to run, even in the most secure software environment,” he added.
“The strategic whitelisting and blacklisting of applications and programs ensures that malicious code and content can be blocked to create a more secure environment. Building this type of security into a customised set of applications software is therefore a must-have for anyone in the IT software development arena.”