Four Best Practices for Securing Your IT Management Platform
In a world where we have data lakes of information available to us, many IT management platforms push their boundaries by attempting to gather as much information about your infrastructure as possible. This lets those platforms present you with all sorts of data, but much of it may not actually be necessary for the purpose the platform was deployed for. At the same time, IT management platforms are increasingly targeted by hackers, because the information they store (device inventories, configurations, credentials) and the access they hold to critical IT infrastructure devices are exactly what an attacker needs to extend a foothold in an environment.
This post provides best practice guidance in four areas that administrators can follow to secure IT management platforms effectively and limit their exposure to compromise:
- Weighing the security risk of IT management platform features against the business use case
- Configuring the IT management platform’s information access and handling
- Securing access and authorization to the IT management platform
- Controlling how the IT management platform communicates externally
Remember, no system is ever 100% secure, but the advice below can at least make life more difficult for hackers who try to exploit your IT management platform.
Best Practice #1: Weighing Security Risk of Features Against Business Use Case
Each feature that is enabled in the IT management platform should be justified by a business use case, and that use case should be reevaluated on a recurring schedule to avoid collecting information that is no longer necessary. While it might seem exciting to enable a new feature "because we might need it in the future," limiting unnecessary data collection reduces your exposure in the event of a security incident.
When reviewing a feature, consider:
- What problem is this feature attempting to solve? Ensuring that features are related to specific problems will help avoid feature creep.
- Will this feature duplicate one provided by another platform already deployed? If so, determine which platform provides the greatest value so that only one source of truth exists.
- Are there certification/regulatory requirements that this feature might put at risk?
- Who will govern the use of this feature and make the important decisions on how it is used? Having a single individual who is the authority on a platform and its features helps ensure that policies are followed when the platform is changed.
Best Practice #2: Configuring Information Access and Handling
When deciding on an IT management platform for your business use case, it is critical to understand what information the platform will have access to on the IT infrastructure it manages. Critical IT infrastructure devices often hold information in their configurations that must be protected, because it is effectively the keys to the kingdom. This information includes, but is not limited to:
- Local user credentials
- Monitoring and AAA credentials (SNMP community strings, TACACS+/RADIUS shared secrets, LDAP bind credentials, etc.)
- IKE pre-shared keys
- Routing protocol authentication keys (e.g., OSPF MD5 keys, BGP neighbor passwords, key chains)
- Private keys and certificates used for SSH, HTTPS and other protocols (e.g., the RSA host key pair)
While the information above is critical to secure properly, the overall configuration and state of a device is equally important, because hackers can use it to profile your infrastructure and identify areas of your network that are weakly configured or running software with known vulnerabilities.
IT management platforms may require the above information to fulfil their business use case (e.g., monitoring, configuration backup), and as such they will collect and store it. When reviewing how to configure the platform, prefer a platform that:
- Encrypts sensitive information, such as configurations and stored credentials, at rest
- Has configurable data retention policies: platforms should only retain information for as long as it is required (certification/regulatory requirements often govern how long data must be retained)
- Has data obfuscation/anonymization features, such as password/secret-key obfuscation (if you have a separate password management platform, a platform that stores configuration backups may not need to keep the passwords/secrets in the backup as they exist on the device)
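As an added example of the obfuscation feature described in the last bullet (this is illustrative code written for this post, not part of any Optanix product), the Python script below strips secret tokens from an IOS-style configuration backup before it is stored. The command syntax covered, the `<REDACTED>` marker and the sample backup are assumptions for the example; the backup is constructed and every secret in it is made up. Note that a `key` line is a shared secret under a `tacacs server` block but only a key identifier under a `key chain` block, so the script tracks the enclosing block rather than matching lines blindly.

```python
"""Redact device secrets from a configuration backup before it is stored.

Added example, not Optanix code. The line formats are hypothetical IOS-style
syntax; extend SECRET_PATTERNS for the platforms you manage and check the
output against real backups before relying on it.
"""
import re

REDACTED = "<REDACTED>"

# Each pattern keeps the named group "keep" (the command plus any encryption
# type number), replaces the secret token that follows it, and preserves an
# optional trailing "rest" (ACL names, peer addresses, ...).
SECRET_PATTERNS = [
    # enable secret 5 $1$...  |  enable password 7 0822455D0A16
    re.compile(r"^(?P<keep>\s*enable (?:secret|password)(?: \d+)?) \S+$"),
    # username netops privilege 15 secret 5 $1$...
    re.compile(r"^(?P<keep>\s*username \S+ .*?(?:secret|password)(?: \d+)?) \S+$"),
    # snmp-server community <string> RO <acl>
    re.compile(r"^(?P<keep>\s*snmp-server community) \S+(?P<rest>.*)$"),
    # crypto isakmp key 6 <psk> address 203.0.113.1
    re.compile(r"^(?P<keep>\s*crypto isakmp key(?: \d+)?) \S+(?P<rest>.*)$"),
    # ip ospf message-digest-key 1 md5 7 <key>  |  ip ospf authentication-key 7 <key>
    re.compile(r"^(?P<keep>\s*ip ospf (?:message-digest-key \d+ md5|authentication-key)(?: \d+)?) \S+$"),
    # neighbor 203.0.113.2 password 7 <key>   (BGP)
    re.compile(r"^(?P<keep>\s*neighbor \S+ password(?: \d+)?) \S+$"),
    # key-string 7 <key>   (key chains used by OSPF/EIGRP/BGP)
    re.compile(r"^(?P<keep>\s*key-string(?: \d+)?) \S+$"),
    # tacacs-server host 10.0.0.5 key 7 <key>  |  radius-server key <key>
    re.compile(r"^(?P<keep>\s*(?:tacacs|radius)-server (?:host \S+ )?key(?: \d+)?) \S+$"),
    # ntp authentication-key 1 md5 <key> 7
    re.compile(r"^(?P<keep>\s*ntp authentication-key \d+ md5) \S+(?P<rest>.*)$"),
]

# "key 7 <secret>" under "tacacs server NAME"/"radius server NAME" is a shared
# secret, but "key 1" under "key chain NAME" is only a key identifier, so this
# pattern is applied only when the enclosing block is an AAA server block.
AAA_KEY = re.compile(r"^(?P<keep>\s*key(?: \d+)?) \S+$")
AAA_BLOCKS = ("tacacs server ", "radius server ")


def _redact_line(line, context):
    for pat in SECRET_PATTERNS:
        m = pat.match(line)
        if m:
            rest = m.groupdict().get("rest") or ""
            return f"{m.group('keep')} {REDACTED}{rest}"
    m = AAA_KEY.match(line)
    if m and context.startswith(AAA_BLOCKS):
        return f"{m.group('keep')} {REDACTED}"
    return line


def redact_config(text):
    """Return the configuration with every recognised secret token replaced."""
    out = []
    context = ""  # most recent unindented line, i.e. the enclosing config block
    for line in text.splitlines():
        if line and not line[0].isspace():
            context = line
        out.append(_redact_line(line, context))
    return "\n".join(out)


def changed_lines(original, redacted):
    """1-based line numbers that were altered, for a redaction report."""
    pairs = zip(original.splitlines(), redacted.splitlines())
    return [i for i, (a, b) in enumerate(pairs, 1) if a != b]


# Constructed sample backup; every secret in it is made up.
SAMPLE_CONFIG = """\
hostname core-rtr-01
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
username netops privilege 15 secret 5 $1$Qe3b$Uo2RhZJc2pB0XGyA9Mh5n1
snmp-server community n0c-r3ad-0nly RO SNMP-MGMT
tacacs server ISE-01
 address ipv4 10.10.10.5
 key 7 0822455D0A16544541
key chain BGP-KEYS
 key 1
  key-string 7 104D000A0618
crypto isakmp key 6 Vpn!Shar3d address 203.0.113.1
interface Vlan10
 ip ospf message-digest-key 1 md5 7 045802150C2E
router bgp 65001
 neighbor 203.0.113.2 password 7 02050D480809
ntp authentication-key 1 md5 121A0C041104 7
"""

if __name__ == "__main__":
    redacted = redact_config(SAMPLE_CONFIG)
    print(redacted)
    print("redacted lines:", changed_lines(SAMPLE_CONFIG, redacted))
```

Run it on a real backup only after checking its output: a pattern that misses a platform-specific secret line leaves that secret in the stored backup, so compare `changed_lines` against the secret-bearing lines you expect and extend the table for any command that carries a key the script does not recognise. The values it keeps (ACL names, peer addresses, key-chain identifiers) are what a restore needs; the operator restoring the device re-enters the secrets from the password management platform.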
Best Practice #3: Securing Access and Authorization
There are two perspectives when it comes to securing an IT management platform: the first is securing access and authorization to the platform – covered here – and the second is securing what the platform itself can communicate with – covered below under best practice #4.
Looking at the first perspective, an appropriate role-based access control (RBAC) configuration on the IT management platform that implements the principle of least privilege ensures that users can view only the information they need to see and nothing more. If an employee's account is compromised, a hacker is then limited in what they can see and do with it. All access attempts, successful and failed, should be logged by the management platform to an external logging server for auditing and security incident investigation, so that an attacker who gains control of the platform cannot simply erase the evidence. Using an external authentication and authorization service that provides single sign-on (SSO) and multi-factor authentication (MFA), instead of locally configured user credentials, helps control and log access to the management platform.
Finally, audit access attempts to the platform and the privileges each user holds on a regular schedule. When users change roles, their access should be adjusted to match what the new role requires, if access is still required at all.
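As an added example of the audit described above (illustrative code written for this post, not Optanix code), the Python script below cross-references a hypothetical least-privilege role table with a constructed user export and a few constructed access-log lines. It reports privilege drift (grants beyond what an account's role allows, such as a user who changed roles but kept old permissions), successful logins by deactivated accounts, logins that used local credentials instead of SSO/MFA, and bursts of failed logins. The role names, permission strings, log format and threshold are all assumptions for the example.

```python
"""Audit management-platform access: privilege drift and policy-violating logins.

Added example, not Optanix code. The role table, user export and access-log
lines are constructed and hypothetical; adapt the parsers to the exports and
log format of your own platform.
"""
import re
from collections import Counter

# Hypothetical least-privilege role model for the platform.
ROLE_PERMISSIONS = {
    "viewer": {"dashboard.read", "config.read"},
    "operator": {"dashboard.read", "config.read", "device.reboot"},
    "admin": {"dashboard.read", "config.read", "device.reboot",
              "config.write", "user.manage"},
}

# Constructed user export: the role each account should have, whether the
# account is still active, and what the platform actually grants.
USERS = [
    {"user": "alice", "role": "admin", "active": True,
     "granted": {"dashboard.read", "config.read", "device.reboot",
                 "config.write", "user.manage"}},
    # bob moved from admin to viewer but his grants were never trimmed
    {"user": "bob", "role": "viewer", "active": True,
     "granted": {"dashboard.read", "config.read", "config.write"}},
    # carol has left the company; the account is flagged inactive
    {"user": "carol", "role": "operator", "active": False,
     "granted": {"dashboard.read", "config.read", "device.reboot"}},
    {"user": "svc-backup", "role": "viewer", "active": True,
     "granted": {"config.read"}},
]

# Constructed access-log lines in the format this example assumes:
#   <ISO timestamp> user=<name> method=<sso|local> result=<ok|fail> src=<ip>
ACCESS_LOG = """\
2024-03-01T08:02:11Z user=alice method=sso result=ok src=10.20.0.15
2024-03-01T08:05:40Z user=bob method=sso result=ok src=10.20.0.22
2024-03-01T09:10:03Z user=carol method=local result=ok src=198.51.100.7
2024-03-01T09:11:20Z user=svc-backup method=local result=fail src=10.20.0.9
2024-03-01T09:11:25Z user=svc-backup method=local result=fail src=10.20.0.9
2024-03-01T09:11:31Z user=svc-backup method=local result=fail src=10.20.0.9
2024-03-01T09:11:36Z user=svc-backup method=local result=fail src=10.20.0.9
2024-03-01T09:11:42Z user=svc-backup method=local result=fail src=10.20.0.9
2024-03-01T09:12:00Z user=svc-backup method=local result=ok src=10.20.0.9
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) method=(?P<method>\S+) "
    r"result=(?P<result>\S+) src=(?P<src>\S+)$"
)


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    return [m.groupdict() for m in map(LOG_RE.match, text.splitlines()) if m]


def privilege_drift(users, role_permissions):
    """Map each user to the permissions granted beyond what their role allows."""
    drift = {}
    for u in users:
        extra = u["granted"] - role_permissions.get(u["role"], set())
        if extra:
            drift[u["user"]] = extra
    return drift


def audit_logins(events, users, fail_threshold=5):
    """Return (finding, user, detail) tuples for logins that violate the policy:
    successful logins by unknown or deactivated accounts, logins that bypass
    SSO/MFA via local credentials, and bursts of failed attempts."""
    active = {u["user"]: u["active"] for u in users}
    findings = []
    for e in events:
        if e["result"] != "ok":
            continue
        if e["user"] not in active:
            findings.append(("unknown-account-login", e["user"], e["ts"]))
        elif not active[e["user"]]:
            findings.append(("deactivated-account-login", e["user"], e["ts"]))
        if e["method"] != "sso":
            findings.append(("local-auth-bypasses-sso-mfa", e["user"], e["ts"]))
    failures = Counter(e["user"] for e in events if e["result"] == "fail")
    for user, n in failures.items():
        if n >= fail_threshold:
            findings.append(("failed-login-burst", user, f"{n} failures"))
    return findings


if __name__ == "__main__":
    for user, extra in privilege_drift(USERS, ROLE_PERMISSIONS).items():
        print(f"privilege drift: {user} holds {sorted(extra)} beyond role")
    for finding in audit_logins(parse_log(ACCESS_LOG), USERS):
        print("login finding:", *finding)
```

The role table is the source of truth here: an audit that only lists what users hold, without a statement of what each role should hold, cannot tell drift from intent. Feed it the export from the platform and the log from the external log server rather than the platform's own log store, so that the audit does not depend on data an attacker on the platform could alter.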
Best Practice #4: Controlling External Communications
Controlling what the IT management platform can communicate with helps ensure that a compromised management platform does not have unfettered access to your IT infrastructure. This is usually accomplished by placing a critical management platform behind a firewall with policies that consider:
- Which credentials does the platform use to communicate with your IT infrastructure, and can restricted service accounts (with only the access the use case needs) be used instead of full administrative accounts?
- What protocols must be permitted from the rest of the IT infrastructure to the management platform (e.g., monitoring and management protocols)?
- What protocols must be permitted from the management platform to the rest of the IT infrastructure?
- What external services does the management platform require (e.g., authentication, DNS, NTP, etc.)?
- Does the platform require internet access for functions such as software upgrades or integration with third-party systems (e.g., authentication, IT service management)? If it needs to reach a third-party system over the internet, are there specific IP addresses or ranges for that third party on which narrow firewall policies can be based, rather than allowing general internet access?
By understanding how the management platform communicates externally, you can control access to and from the platform with a default-deny policy that permits only the flows identified above.
This blog post was authored by Brian Yaklin, a senior member of Optanix’s route/switch engineering team. It is part of a series of posts by Optanix engineers focusing on the importance of security in the IT management space.