CA IM - Refine Authority Required

Idea created by Eric Laney on Mar 4, 2016
Currently Planned

Too often, the software components of CA Identity Manager ask for extremely high levels of authority to do what they are designed to do. As a security product, especially one that presents itself as capable of solving several of the Center for Internet Security's top 20 critical security controls (CSCs - https://www.cisecurity.org/critical-controls.cfm), Identity Manager too often violates these same controls. Please review the authority actually required for each part of CA IM, clarify the need or reduce the level of authority documented in the Bookshelf or Wiki to that which is actually required, and in general work to make CA IM a platform that solves security problems without introducing new ones.


Example: Microsoft Exchange endpoints

Seen in version: 12.6 SP6

Authority documented:

• The Exchange Recipient Administrator role
• The Exchange Server Administrator role on all the mailbox servers
• The Local Administrators group on all the mailbox servers and the CCS machine.

Authority violates:

• CSC 3 Secure Configurations for Hardware and Software
• CSC 5 Controlled Use of Administrative Privileges - configuration could allow unauthorized lateral movement and data access / exfiltration
• CSC 12 Boundary Defense - configuration could allow unauthorized lateral movement
• CSC 13 Data Protection - configuration could allow unauthorized data access and exfiltration
• CSC 18 Application Software Security - basic application software security includes principles of least privilege

Authority required / desired:

• Recipient Management
• Mailbox Management


Example: Installation on Unix

Seen in version: 12.6 SP2

Authority documented / required:

• root

(Note that this is not simply root-level authority, such as what could be performed by anyone with wheel or sudo or sesudo access. The installation script checks that the user is named "root" and exits if it is not.)

Authority violates:

• CSC 5 Controlled Use of Administrative Privileges - potentially compromises the credentials for the root account.
• CSC 6 Maintenance, Monitoring, and Analysis of Audit Logs - opens the system to having logging disabled.
• CSC 13 Data Protection - configuration could allow unauthorized data access and exfiltration
• CSC 16 Account Monitoring and Control - use of the actual root account limits the ability to monitor user activities and jeopardizes log correlation to a specific user.

Authority required / desired:

• Ability to use any account with sufficient file- and system-level authority
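The Unix example above contrasts a gate on the login name "root" with a gate on actual authority. The preflight script below is an added illustration, not CA's installer: `requires_root_name` is a constructed stand-in for the name check the idea describes, `has_sufficient_authority` accepts any account whose effective UID is 0 or that can already write the install targets (so a sudo user passes), and `audit_identity` records the invoking user so the install log still correlates to a person (the CSC 16 point). The install prefix `/opt/ca-im-example` and the `INSTALL_PREFIX` variable are assumptions for the demo.

```shell
#!/bin/sh
# Added example: installer preflight that checks authority, not the account name.

# Identity for the install log: the invoking user when run through sudo,
# otherwise the effective user. $1 = value of SUDO_USER (may be empty),
# $2 = effective user name. Parameters keep the function testable offline.
audit_identity() {
  sudo_user="$1"; eff_user="$2"
  if [ -n "$sudo_user" ] && [ "$sudo_user" != "$eff_user" ]; then
    printf '%s (via sudo as %s)\n' "$sudo_user" "$eff_user"
  else
    printf '%s\n' "$eff_user"
  fi
}

# Name-based gate, modelled on the behaviour the idea describes (constructed,
# not the real script): passes only if the login name is literally "root".
# $1 = login name. A wheel/sudo user with full privilege still fails this.
requires_root_name() {
  [ "$1" = "root" ]
}

# Authority-based gate: passes if the effective UID is 0, or if every install
# target directory is already writable by this account.
# $1 = effective uid, remaining arguments = target directories.
has_sufficient_authority() {
  euid="$1"; shift
  [ "$euid" -eq 0 ] && return 0
  for d in "$@"; do
    [ -d "$d" ] && [ -w "$d" ] || return 1
  done
  return 0
}

# Stand-alone run against the live environment. INSTALL_PREFIX is an assumed
# knob; it defaults to a writable temp dir so the demo succeeds as any user.
main() {
  prefix="${INSTALL_PREFIX:-${TMPDIR:-/tmp}}"
  eff_uid=$(id -u); eff_name=$(id -un)
  who=$(audit_identity "${SUDO_USER:-}" "$eff_name")
  if has_sufficient_authority "$eff_uid" "$prefix"; then
    echo "preflight ok: installing to $prefix as $who"
  else
    echo "preflight failed: $who lacks authority over $prefix" >&2
    return 1
  fi
}
main
```

Run it directly, or `sudo sh preflight.sh` with `INSTALL_PREFIX=/opt/ca-im-example` to see the log line name the invoking admin rather than just "root".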