How to secure IT administrators’ desktops?

The weakest link in a chain is the strongest because it can break it.
Stanislaw Jerzy Lec

Information Systems
Information Systems (IS) have developed considerably and are constantly progressing. The Information Systems Security is crucial from an economic and State standpoint, and even from a personal perspective. However, the Information Systems Security is based mainly on its weakest link, which is also the essential element: the human. The administrator who has a power and a very strong responsibility is no exception to the rule. As a matter of fact, it is he who installs, configures, manages… but he also has his own strengths and weaknesses.
The 2013 French White Paper on Defense and National Security ([1]) clearly places the security and defense of IS at the core of France’s strategic priorities. To go further, cybersecurity must be a matter of major interest and therefore governance for all organizations (public or private).
The strengthening of the impetus given in the White Paper is detailed in the Loi de Programmation Militaire (LPM or Military Programming Law), which sets out the operational priorities and major choices of equipment or manpower ([2]). Within this framework, several sectors must be considered: the State, protection of the citizens, and the economic and social life in France.
More specifically, in the decrees of the LPM laying down security rules relating to IS, it is stated that administration operations must be carried out on dedicated desktops and that an administration account must be used only for this purpose. Moreover, this practice is recommended by the National Cybersecurity Agency of France (ANSSI) in its technical note dedicated to the secure administration of information systems ([3]).
It is common practice for an administrator to use his or her desktop to perform both critical tasks and consult a website, personal emails, etc.; which can potentially be a high risk for the company.
The first danger concerns the contagion of a viral or malicious threat received by its least protected environment (personal messaging, office work, etc.).
The second relates to administration tasks that have a major impact to the company and must be performed in a specific environment where the administrator is aware that each gesture is engaging. Furthermore, while it is realistic to ensure the security of a closed and dedicated desktop, it is also more difficult for an administrator operating his tasks from a standardized desktop.
Moreover, if we take the example of an outsourcer providing IT network administration services for several entities (private and/or public), it is completely illusory to believe that the latter will use a dedicated desktop for each network he is going to administer. Let’s imagine that one of the managed networks is infected and the infection spreads to other networks administered by this outsourcer…
As much as security equipment such as servers, routers, firewalls, etc. are usually located in dedicated rooms with controlled access; both operating and administration equipment can be “relatively accessible” by a threat agent. TV5 Monde’s (Global Television Network) piracy in 2015 is the perfect illustration…
To respond effectively to the security issues of a dedicated administration desktop, a solution is to securely virtualize the administration desktop. The idea is that the “administration desktop” has the least possible adherence to the equipment on which it is performed, to separate the specific tasks of administration from the other tasks and, evidently, to control, trace and/or follow the administration actions.
Systancia, a respected player in the field of desktop virtualization (VDI) and mechanisms of Privileged Access Management (PAM), offers the Systancia Cleanroom solution, formerly Cleanroom solution, which addresses the problem of sealed virtualization as well as the LPM security rules relating to logging, traceability, identification, authentication, etc.
Systancia Cleanroom allows an organization to isolate and trace privileged users’ works from its other actions (personal or professional). This solution also prevents any deviant action that could lead to a degradation of the administered IS.
Systancia Cleanroom solution thus offers a new dimension to remote administration, which should no longer be seen as a potentially exploitable way to attack. This new product makes it possible to provide a dedicated and controlled environment by an organization on a desktop not necessarily controlled by this organization. Desktop virtualization (VDI) provides adapted features to create virtual administrator desktops on-the-fly, even allowing the desktop to be recycled for each use. In addition, this solution based on an Systancia Gate basis provides important safeguards regarding security rules for loggin.
References
[1]          https://www.livreblancdefenseetsecurite.gouv.fr/
[2]          Law n°2015-917 of July 28, 2015 (https://www.legifrance.gouv.fr)
[3]          https://www.ssi.gouv.fr/uploads/2015/02/NP_SDE_DAT_NT_Archi_Admin.pdf

Download the documentation

Antoine Coutant – Cybersecurity Director