
Machine Identity Security (MIS), also called Machine Identity Management (MIM), is another critical aspect of cybersecurity. It focuses on securing and managing the digital identities of machines such as servers, applications and IoT devices. It is currently overlooked, largely because of a lack of knowledge and because of how network administrators think: they have been doing the same thing for the past decade, and juniors learn to do the same because that is what they were taught by their seniors. Nobody corrected them and nobody learned anything new, not even the scripts.
These machine identities, typically represented by digital certificates and cryptographic keys, are essential for authentication and authorization in machine-to-machine communication. Effective MIS helps prevent unauthorized access to sensitive data and resources and protects against a range of cyber threats, according to Entro Security.
Problem statement (the crisis): a real-world scenario with more than 2000 devices:
- Device identities were unmanaged: although most of the devices were Cisco, Cisco ISE was never deployed and every device was managed by hand
- No AAA services were configured on any device
- Forgotten service accounts: hundreds were still alive and integrated, yet served no purpose
- No PAM: one shared account and password (most of them guessable) was found on every device, so there was no record of who changed which configuration
- IoT: a BTS power-management device had been designed in-house and was driving the BTS's power management, visibility and automation requirements
- API keys hard-coded in applications, with no key rotation
- An enormous number of devices managed by an army of technical staff whose capacity and capabilities were questionable, including the managers'
- Their data was compromised many times (it turned up on the dark web), yet management stayed quiet and never treated these leaks as problems; they were completely fine with it
- DDoS: every point above screams that these devices were prone to DDoS attacks, and for four consecutive months they suffered massively and lost a hefty number of customers, yet management kept quiet, waiting for someone to guide them to Candyland
- At every misconfiguration or point of failure the device was simply restarted and its OS and configuration restored to an earlier state, discarding the latest configuration changes, whether or not a customer was impacted
- IKE version mismatch on all devices
- No certificate services at all, meaning every transmission could be captured and exploited at any point in time; the devices were fully exposed
- Compromised DNS exposed every internetworked device, including routers and switches, and there were no firewalls at all, since firewalls were simply not part of their practice
- Device configuration backup: a nightmare
- SNMP: the default public community string was shared across every device
- Naming conventions: none were followed, another unprofessional practice
- Unplanned outages all over the country
What are Machine Identities?
- Machine identities are the digital credentials machines use to identify and authenticate themselves within a network, just as users and their computers are identified and granted access to networked resources.
- They are analogous to human usernames and passwords, but take the form of digital certificates, cryptographic keys and other credentials such as SSH keys, together with identifiers such as IP addresses.
- Examples of machine identities include service accounts, API keys, and CI/CD pipeline credentials.
Why is Machine Identity Security Important?
- Security: Compromised machine identities can allow attackers to establish hidden communication channels, gain privileged access, and impersonate legitimate machines, says CyberArk.
- Compliance: Organizations need to manage and secure machine identities to comply with various regulatory and industry standards.
- Efficiency: MIS helps automate and streamline identity management processes, reducing the risk of manual errors and increasing operational efficiency.
- Zero Trust: In a Zero Trust security model, where trust is never implicit, robust MIS is essential for validating and managing access to resources.
Key Components of Machine Identity Security:
- Discovery: Identifying and inventorying all machine identities within an organization’s environment.
- Management: Creating, renewing, rotating, and revoking machine identities throughout their lifecycle.
- Governance: Enforcing accountability, policies and controls that govern the use of machine identities and their access to resources.
- Privilege Management: Granting the least privileged access to machine identities based on their needs and responsibilities.
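To make the lifecycle in the Management item concrete, here is an added example (not code from the original article or from any vendor product) of a server-side API-key store that issues, rotates and revokes keys for a machine identity. The point it shows is overlap rotation: after a rotation the old key stays valid for a grace period so a client such as the BTS power controller from the case study can switch without an outage, while revocation is immediate. Requests are HMAC-signed over method, path, timestamp and body so a captured request cannot be replayed to another endpoint or much later. The class, method and owner names, the fake clock and the sample request are this example's own assumptions.

```python
"""API key lifecycle with overlap rotation.

Added example, not code from the original article or any vendor product.
Demonstrates the Management component (create, rotate, revoke) for API keys;
all names, the clock and the sample request are this example's own.
"""
import hashlib
import hmac
import secrets
import time

def sign(secret, method, path, ts, body):
    """Client side: HMAC-SHA256 over method, path, timestamp and body."""
    msg = f"{method}\n{path}\n{ts}\n".encode() + body
    return ts, hmac.new(secret, msg, hashlib.sha256).hexdigest()

class ApiKeyStore:
    """Server-side store of API keys, one or more per machine identity (owner)."""

    def __init__(self, grace_seconds=3600, clock=time.time):
        self.grace = grace_seconds
        self.clock = clock  # injectable so rotation and expiry can be tested
        self.keys = {}      # kid -> {"secret", "owner", "expires", "revoked"}
        self.current = {}   # owner -> kid of its primary key

    def issue(self, owner):
        """Create a fresh key for a machine identity; returns (kid, secret)."""
        kid, secret = secrets.token_hex(8), secrets.token_bytes(32)
        self.keys[kid] = {"secret": secret, "owner": owner,
                          "expires": None, "revoked": False}
        self.current[owner] = kid
        return kid, secret

    def rotate(self, owner):
        """New primary key; the old one keeps working until the grace period ends."""
        old = self.current.get(owner)
        if old is not None:
            self.keys[old]["expires"] = self.clock() + self.grace
        return self.issue(owner)

    def revoke(self, kid):
        """Immediate kill switch, e.g. when a key turns up in a leak."""
        self.keys[kid]["revoked"] = True

    def is_valid(self, kid):
        rec = self.keys.get(kid)
        if rec is None or rec["revoked"]:
            return False
        return rec["expires"] is None or self.clock() < rec["expires"]

    def verify(self, kid, ts, signature, method, path, body, max_skew=300):
        """Server side: returns the owner identity on success, else None."""
        if not self.is_valid(kid) or abs(int(self.clock()) - ts) > max_skew:
            return None
        _, expected = sign(self.keys[kid]["secret"], method, path, ts, body)
        if not hmac.compare_digest(expected, signature):
            return None
        return self.keys[kid]["owner"]

class FakeClock:
    """Deterministic clock for the walkthrough below (assumption, not production)."""
    def __init__(self, start=1_700_000_000): self.t = start
    def __call__(self): return self.t
    def advance(self, seconds): self.t += seconds

def rotation_walkthrough():
    """Issue -> rotate -> grace expiry -> revoke; returns what the server saw."""
    clock = FakeClock()
    store = ApiKeyStore(grace_seconds=3600, clock=clock)
    owner = "bts-power-controller"            # constructed machine identity
    kid1, sec1 = store.issue(owner)
    kid2, sec2 = store.rotate(owner)
    method, path = "POST", "/v1/telemetry"
    body = b'{"site":"BTS-017","volts":53.1}'  # constructed request body

    def call(kid, secret):
        ts, sig = sign(secret, method, path, int(clock()), body)
        return store.verify(kid, ts, sig, method, path, body)

    out = {"during_grace": (call(kid1, sec1), call(kid2, sec2))}
    clock.advance(store.grace + 1)            # old key must now be rejected
    out["after_grace"] = (call(kid1, sec1), call(kid2, sec2))
    out["wrong_secret"] = call(kid2, sec1)    # valid kid, mismatched secret
    store.revoke(kid2)
    out["after_revoke"] = call(kid2, sec2)
    return out

if __name__ == "__main__":
    for step, result in rotation_walkthrough().items():
        print(f"{step}: {result}")
```

The grace period is the design choice that makes rotation operationally safe: a hard cut-over breaks every client that has not yet picked up the new key, which is exactly why rotation tends not to get enabled at all. Revocation deliberately bypasses the grace period, since a leaked key must die immediately.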
Benefits of Effective Machine Identity Security:
- Reduced Attack Surface: By securing machine identities, organizations can minimize the risk of unauthorized access and data breaches.
- Enhanced Visibility: MIS provides visibility into all machine identities, helping organizations identify and address security risks.
- Improved Compliance: Properly managing machine identities helps organizations meet regulatory requirements.
- Increased Efficiency: Automated processes and policies streamline identity management, reducing manual effort and errors.
Let's jump into the solution we derived:
Configuration benchmark: a complete configuration review took place, and each device's configuration was hardened with:
- CIS configuration benchmark
- A custom ERP module was developed, its integration tested, and placed in production
- Authentication enabled with RADIUS; FreeRADIUS was customized and integrated
- TLS/SSL certificates installed
- Rate limiting enabled
- DNS servers cleaned
- DNS authentication turned on
- Recursive DNS queries turned off
- NTP sync enabled, once a month in this deployment (NTP clients normally poll continuously; accurate time is a prerequisite for certificate validation and for log timestamps that can be correlated across devices)
- SMTP services enabled
- SNMP services enabled
- Telnet turned off and SSH enabled
- TLS 1.0 turned off and TLS 1.3 applied
- RTBH (remotely triggered black hole) filtering enabled
- API key rotation enabled
- Small third-party tools purchased and installed, providing scrubbing-centre capability against DDoS traffic
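The findings in the problem statement and the items in the configuration benchmark map directly onto checks that can be run over a device's running configuration, which is how a benchmark like this is kept in force across 2000 devices rather than reviewed once. As an added example (not code from the original article or from any vendor tool), the script below audits a Cisco IOS-style configuration for Telnet on the VTY lines, SSH version 2, RADIUS-backed AAA with command accounting, SNMP v1/v2c community strings, plaintext local passwords and NTP, and summarises failures across a fleet so that a weakness shared by every device stands out. The two sample configurations (the "before" state from the problem statement and the "after" state from the benchmark) and the check names are constructed for this illustration.

```python
"""Configuration audit for the benchmark items above.

Added example, not code from the original article: checks a Cisco IOS-style
running configuration for the findings in the problem statement and the
hardening items in the solution. Both configs below are constructed samples
and the check names are this example's own.
"""
import re

# Constructed sample: the unmanaged "before" state (shared local account,
# default SNMP strings, Telnet open, no AAA, no NTP).
WEAK_CONFIG = """\
hostname edge-rtr-1
username admin privilege 15 password 0 cisco123
snmp-server community public RO
snmp-server community private RW
line vty 0 4
 transport input telnet ssh
 login local
"""

# Constructed sample: the "after" state from the configuration benchmark
# (RADIUS AAA with command accounting, SNMPv3, SSHv2 only, NTP, hashed secret).
HARDENED_CONFIG = """\
hostname edge-rtr-1
username breakglass privilege 15 secret 9 <scrypt-hash>
aaa new-model
aaa authentication login default group radius local
aaa accounting commands 15 default start-stop group radius
radius server freeradius-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key 7 <encrypted-shared-secret>
snmp-server group NMS v3 priv
snmp-server user nmsuser NMS v3 auth sha <auth-pass> priv aes 128 <priv-pass>
ntp server 192.0.2.123
ip ssh version 2
line vty 0 4
 transport input ssh
 login authentication default
"""

def _lines(config):
    """Non-empty config lines with leading indentation stripped."""
    return [ln.strip() for ln in config.splitlines() if ln.strip()]

def _any(lines, pattern):
    """True if any line matches the regex anchored at the start of the line."""
    return any(re.match(pattern, ln) for ln in lines)

# Each check maps one finding from the case study to a predicate over the
# config lines; True means the device passes that benchmark item.
CHECKS = {
    # "Telnet turned off and SSH enabled"
    "telnet_disabled": lambda ls: not _any(ls, r"transport input .*\btelnet\b"),
    "ssh_v2_only": lambda ls: _any(ls, r"ip ssh version 2$"),
    # "No AAA services" -> aaa new-model with RADIUS-backed login
    "aaa_radius": lambda ls: (_any(ls, r"aaa new-model$")
                              and _any(ls, r"aaa authentication login \S+ group radius")),
    # "who changed which configuration" -> command accounting to RADIUS
    "command_accounting": lambda ls: _any(
        ls, r"aaa accounting commands \d+ \S+ start-stop group radius"),
    # "SNMP: default public string on every device" -> no v1/v2c, v3 priv only
    "snmp_v3_only": lambda ls: (not _any(ls, r"snmp-server community ")
                                and _any(ls, r"snmp-server group \S+ v3 priv")),
    # shared guessable password -> local users must use a hashed 'secret'
    "no_plaintext_passwords": lambda ls: not _any(ls, r"username \S+ .*\bpassword\b"),
    # time sync, needed for usable logs and certificate validation
    "ntp_configured": lambda ls: _any(ls, r"ntp server \S+"),
}

def audit(config):
    """Return {check_name: passed} for one device configuration."""
    lines = _lines(config)
    return {name: bool(pred(lines)) for name, pred in CHECKS.items()}

def failures(config):
    """Names of the benchmark items this configuration fails, sorted."""
    return sorted(name for name, ok in audit(config).items() if not ok)

def fleet_failures(configs):
    """configs: {hostname: config_text}. Returns {check: [failing hosts]} so a
    weakness shared by the whole fleet (one SNMP string everywhere) is visible."""
    out = {name: [] for name in CHECKS}
    for host, cfg in configs.items():
        for name in failures(cfg):
            out[name].append(host)
    return out

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{label}: failing -> {failures(cfg) or 'none'}")
```

Run against the constructed weak configuration every check fails; against the hardened one none do. In practice the input would be the output of `show running-config` collected over SSH, and `fleet_failures` is what turns a one-off review into a benchmark that can be re-checked after every change.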