
Entries in whitepaper (2)

Sunday, May 31, 2015

CA Privileged Identity Manager Security Research Whitepaper

Today we are announcing the release of our latest whitepaper, which includes the results of a research project performed for CA Technologies earlier this year. The focus of the research was to determine the effectiveness of the security controls provided by the CA Privileged Identity Manager (CA PIM) solution against attacks that target privileged identities. Privileged Identity Management is an approach for reducing risk and securing super user accounts. These accounts are required in every IT organization for performing system administrator tasks, and the CA PIM solution aims to provide access and account management for them through a variety of security controls.

The CA PIM components that were considered in scope for the research project were the following:

  • Fine-Grained Access Controls – Layers access controls on top of the native operating system for protecting privileged accounts. In the event a privileged account is compromised, access to the compromised system is restricted.

  • Granular Audit Logging – Provides audit logging for tracking the identity and actions of privileged accounts, even in shared account scenarios. Combined with enforced fine-grained access controls, this is intended to help with early detection of privileged account compromise.

  • Application Jailing – Provides the ability to enforce fine-grained access controls on applications and processes. By limiting the system resources that an application can access, those resources remain inaccessible to an attacker in the event a vulnerability in the application is exploited, including previously unknown 0-day vulnerabilities.

The research performed included the following major activities:

  • Learning PIM and Initial Setup - The GDS Labs research team started with zero knowledge of the platform and learned about its features and capabilities through setting up common deployment scenarios, reviewing administrator guides, and receiving guidance from CA PIM product support. Additionally, profiling of the relevant agent processes was performed to identify system resources accessed, network communications, etc.

  • Threat and Countermeasure Enumeration - Research activities investigated how CA PIM can be deployed to mitigate common security threat vectors and attacks that target privileged users. The threats and attacks were narrowed to those relevant to the in-scope CA PIM components. Various CA PIM access control policies and configuration settings were identified as potential countermeasures.

  • Solution Mitigation Verification - Selected validation testing was performed to determine the resiliency of configured CA PIM policies against common bypass techniques and exploits relevant to fine-grained access controls. Additionally, CA PIM’s intercepting kernel agent architecture as well as sudo, shell wrapper, and proxy control architectures were compared and evaluated to determine their resiliency to the threats and attacks.

A penetration testing assessment of the product was not performed as part of this phase of the research project. Recommendations for improving the security posture of the product were provided to CA where relevant.

The whitepaper containing the results from our research can be downloaded from our Github page:

https://github.com/GDSSecurity/Whitepapers/raw/master/GDS%20Labs%20-%20CA%20Technologies%20CA%20PIM%20Security%20Research%20White%20Paper.pdf


Monday, February 2, 2015

Mobile Application Management (MAM) Security Checklist and Whitepaper

As a follow-up to the research GDS performed in 2014 on Mobile Application Management (MAM) solutions for protecting organization data in Bring Your Own Device (BYOD) deployments, we are finally releasing our security checklist and whitepaper. The presentation delivered at Blackhat USA 2014 is available for download here.

The MAM security checklist is intended to be used as a baseline for assessing, designing, and testing the security of a MAM solution, and is thus aptly suited to assist three major stakeholders in the BYOD space: buyers, builders, and breakers. The list was constructed from our experience and research assessing a variety of MAM solutions in the marketplace today. It should not be considered an exhaustive list, but rather a compilation of major test cases that can be used to determine the security posture of a MAM solution. As always, contributions and recommendations from the community are welcome in an effort to further expand this checklist. We have published the checklist on Github in order to promote feedback and collaboration. The checklist can be found at the following Github page:

The whitepaper expands on the research delivered at Blackhat USA 2014. It provides additional background on the architecture of MAM solutions, delves into vulnerability patterns, and provides recommendations for designing and implementing MAM solutions securely. The whitepaper can be downloaded using the following link: