Administration models

Each model below is given with a description and its associated risk.

Dedicated devices on a segregated network

Description: The service is administered from dedicated devices on a segregated management network. The devices are solely for service management, and not for general purpose use, such as email and web browsing.

Associated risk: With this approach, the management devices and segregated network are difficult to attack. This approach may also help support personnel security measures for higher security systems, for example where the service provider wishes to demonstrate that only staff who have been subject to stringent security screening (or hold appropriate security clearances) have access to system administration functions.
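As an added illustration (not part of the NCSC text), the following nftables ruleset shows how a dedicated management device in this model can be constrained so that it reaches only the service's administration interfaces and nothing general purpose; the interface, subnets, ports and resolver address are assumed values.

```nft
# Constructed example: host firewall for a dedicated management device.
# Assumed values (not from the NCSC page): the segregated management
# network is 10.10.0.0/24, the managed service's admin interfaces live in
# 10.20.0.0/24, and 10.10.0.53 is a resolver inside the management network.
table inet mgmt_device {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        # Only peers on the segregated management network may reach this
        # device, and only for SSH administration of the device itself.
        ip saddr 10.10.0.0/24 tcp dport 22 accept
        # Anything else (including traffic arriving from a corporate or
        # general-purpose network) is logged, then dropped by the policy.
        log prefix "mgmt-device-in-denied: " counter
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oif lo accept
        ct state established,related accept
        # Management actions only: the admin interfaces of the managed service.
        ip daddr 10.20.0.0/24 tcp dport { 22, 443 } accept
        # Name resolution stays inside the management network.
        ip daddr 10.10.0.53 udp dport 53 accept
        # No general-purpose use: web browsing and email to any other
        # destination never match an accept rule, so a browser or mail
        # client on this device cannot reach external content and cannot
        # become a path from the outside onto the management network.
        log prefix "mgmt-device-out-denied: " counter
    }
}
```

The two log rules give a detection signal: any hit on them means something on the management device, or on the management network, attempted traffic the model does not permit.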

Dedicated devices for community service administration

Description: Devices are dedicated to managing services for a single community (e.g. UK public sector). The management network is segregated from all other networks. The devices are used solely for service management, and not for general purpose use, such as email and web browsing.

Associated risk: When managing multiple services there is a risk that a more vulnerable service could be compromised and used as a staging platform to attack the management network. Managing services with similar security postures together will help reduce this risk. This approach may also help support personnel security measures for higher security systems, for example where the service provider wishes to demonstrate that only staff who have been subject to stringent security screening (or hold appropriate security clearances) have access to system administration functions.

Dedicated devices for multiple community service administration

Description: Devices are dedicated to service management, but are used to manage multiple services across multiple communities of users. The devices are used solely for service management, and not for general purpose use, such as email and web browsing.

Associated risk: In this model the devices themselves remain difficult targets to attack, but the larger and wider-ranging scope of the management network may make it more exposed to attacks.

Service administration via bastion hosts

Description: This model (also known as ‘browse-up’) is where a service is managed using devices from a less trusted network (such as a corporate business network), but only by authorised management staff. Those staff have access to specific management hosts, known as bastions, from which all management actions on the service are conducted.

Associated risk: Corporate systems tend to process a wide range of content types and are more vulnerable to attack using typical techniques. Bastion hosts provide some protection against threats from corporate networks, but attackers with access to corporate devices used by service administrators are likely to still be able to access the service management environment as if they were legitimate administrators. Malware capable of performing session hijacking is becoming increasingly common, so the risks associated with this model are also increasing.

Direct service administration

Description: The service is managed directly from devices which are also used for normal business (web browsing, viewing external email, etc.).

Associated risk: In this model, there is little protecting the service from unauthorised access to management interfaces. Services managed in this way are at a significant risk of compromise.

Source: NCSC
