Tag Archives: system

Do you have User IDs Hidden in the Cloud?

hidden-in-the-cloudIt’s 10 o’clock in the cloud. Do you know where all your user IDs are? Are some hidden in the cloud?

Cloud security if often cloudy because it’s not on premise where you can control it easier.

That means you may have powerful user IDs in the cloud that your security team knows nothing about, which means….

Continue reading

2 Comments

Filed under Audit, Case Files, Technology

How to Audit User Access

How to Audit User AccessWhen checking system access, make sure you look at all the different items that affect the user’s access. For example, the user might need one or more of the following:

  • Application ID
  • Application role or group
  • Membership in an local server group, Active Directory (AD) group, or UNIX Group
  • Access to the application’s share and/or folder on the server
  • Database ID
  • Database role, including access permissions (read/write)
  • Other permission (from a home-grown application code or enterprise identify management system)

Continue reading

2 Comments

Filed under Audit, How to..., Security, Technology

What Needs to be on a GOOJ Card?

If you probe networks, systems, and applications, you need a GOOJ card to protect yourself and your job.

In How to Stay Out of Jail, I recommended that anyone who scans, probes, or pokes networks, systems, or devices should always carry a get-out-of-jail (GOOJ) card. I also provided some reasons why such a card is critical.

Continue reading

9 Comments

Filed under Audit, How to..., Security, Technology