Windows Login Controls Holes
Came across a great article that points out eight major holes in the Windows native login controls and how they prevent two things: complying with some major regulatory constraints and efficient mitigation of insider threats.
Windows has more security features than any other operating system but is strangely lacking the fundamental and classic login session controls found in other environments such as mainframe and midrange systems, UNIX and NetWare.
Windows indeed lacks:
- Concurrent logon control (hole #1)
- Logon/logoff reporting (hole #2)
- Logon session monitoring (hole #3)
- Remote logoff of workstation logon sessions (hole #4)
- Logon time restrictions by group (hole #5)
- Workstation restrictions by group (hole #6)
- Forcible logoff when allowed logon time expires (hole #7)
- Previous logon time and computer display when user logs on (hole #8)
These are nonetheless important security controls that an information system requires in order to comply with major regulatory constraints (HIPAA, SOX, PCI, NISPOM, DCID 6/3, GLBA, US Patriot Act, FISMA…) and that can efficiently mitigate insider threats.
And the threat of attack from insiders is real and substantial. The 2007 E-Crime Watch Survey™, conducted with the U.S. Secret Service, Carnegie Mellon University Software Engineering Institute’s CERT® Program and Microsoft Corp., found that in cases where respondents could identify the perpetrator of an electronic crime, 34% were committed by insiders (outsiders 37%, unknown 29%).
39% of these rogue insiders used compromised accounts to commit e-crimes, like unauthorized access to/use of corporate information, systems or networks, theft of intellectual property, theft of other information (including financial and customer records) and fraud (credit card, etc.).
Go read the whole thing. Especially if you are a network administrator or IT security person.