by maxaf 3731 days ago
There isn't a totally bullet/fool-proof way, but it boils down to aggressively locking down computing functions to match closely the job functions expected to be performed by every employee. This requires a thorough understanding of said job functions. For example, why do engineers need to ssh to production machines? If the answer is "to tail logs", then a facility needs to be created that allows the tailing of logs and nothing else. This can be done either by locking down authorized_keys, using restricted shells, or introducing centralized logging (logstash, kibana, ...).

Access to outside SSH is a big no-no. Access to outside file sharing (DropBox et al) is a liability unless explicitly required for performing job functions.

I've worked with a brilliant security mind (no irony here) who wanted to go as far as providing employees with remote desktop environments only, which were to run in a fully controlled environment. This removes attack vectors such as USB drives, computer theft, and so on. The proposal never flew, but the idea has merit and is thought-provoking in its own right.

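The authorized_keys lock-down the post above describes ("tail logs and nothing else"), as an added example that is not the commenter's code: a forced-command wrapper that only permits `tail` on a plain filename in one log directory and refuses everything else sshd hands it. The script path, the log directory and the key line are assumptions.

```shell
#!/bin/sh
# Forced-command wrapper: lets a key run only "tail" on files in one log directory.
# Hypothetical authorized_keys entry on the production host (key material elided):
#   restrict,command="/usr/local/bin/tail-only.sh" ssh-ed25519 AAAA... engineer@example
set -f                      # no pathname expansion while the request is split into words
LOG_DIR=/var/log            # assumed: the only directory whose files may be tailed
TAIL=/usr/bin/tail          # assumed: absolute path, so the caller's PATH is irrelevant

# allowed_log NAME: plain filename only (no option, no slash, no "..", safe characters)
allowed_log() {
  case "$1" in
    ''|-*|*/*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# check_tail_cmd CMDLINE: accept only "tail [-f] [-n N] LOGNAME", nothing more
check_tail_cmd() {
  set -- $1                                   # split the request into words
  [ "$1" = tail ] || return 1
  shift
  while [ $# -gt 1 ]; do
    case "$1" in
      -f) shift ;;
      -n) case "$2" in ''|*[!0-9]*) return 1 ;; esac; shift 2 ;;
      *)  return 1 ;;                         # any other option (-c, --pid, ...) is refused
    esac
  done
  [ $# -eq 1 ] && allowed_log "$1"            # exactly one operand, and it is a log name
}

# Dispatch only when sshd invoked us with a forced command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
  if check_tail_cmd "$SSH_ORIGINAL_COMMAND"; then
    set -- $SSH_ORIGINAL_COMMAND
    shift                                     # drop the literal "tail"
    cd "$LOG_DIR" && exec "$TAIL" "$@"        # relative name, so it stays inside LOG_DIR
  fi
  echo "rejected: only 'tail [-f] [-n N] <logfile>' is permitted here" >&2
  exit 1
fi
```

Files in subdirectories of the log directory are rejected by design; widen `allowed_log` deliberately if a team needs them.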

What do you think about recording every SSH session?

You bring up remote desktop environments... it's actually a good point... similar to what VMs on AWS are.

If the access point (SSH) is locked down and recorded, doesn't that pretty much remove any possibility of employees leaking stuff?

Knowing that they are being recorded is a pretty big deterrent to leaking data, right?

I've personally come to assume that everything I do on an electronic device is being recorded all the time, so the mere presence of surveillance isn't in itself a deterrent. Most reasonable people will IMHO realize that no one's going to read through the interminable logs of SSH sessions, 99.999% of which will likely turn out to be most mundane and boring. Apart from that, storing and securing these logs will in itself become a liability. Imagine all the sensitive information that might get caught in those logs, only to be leaked itself in a titanic stroke of irony!

Relying on surveillance is folly; simply lock down access and remove privileges that aren't necessary. This is something you do once and never have to think about again, unless some event warrants a review. Thankfully such reviews can be triggered by normal business activity: new project, new employee, new team, new vendor product, etc.

Yeah. What if one of those privileged accounts gets compromised or an admin goes rogue...

I think there's still a use for surveillance. Just my opinion.

Then again, I'm paranoid. I want the Fort Knox of data.