Applying the Two-Man Rule to Network Security

The U.S. military does not trust a single man to launch a nuclear missile. There is a process, and as we saw in the Denzel Washington submarine thriller "Crimson Tide," communications are essential to proper decision making. It takes a concurrence among several people to ensure that the order to launch the nuke is authentic. In the silo, two soldiers each have to turn a key at the same time to get the launch sequence going. The keys are physically separated so no one person can create nuclear chaos. This "two-man rule" is also applicable to network security.

Senior managers at highly networked organizations are no longer in charge the way they once were. Individuals way down the totem pole of management can single-handedly determine the functionality or survivability of the network. The techie who knows how to tweak the bits, manage the complex graphical user interface screens and interpret policy for implementation is the real powerhouse.

Network administrators determine who has access to network resources from beyond the perimeter. They control which insiders have access to which internal resources - a fairly critical decision because we don't always know the intentions and motivations of everyone in our employ. They handle the configuration of the network nexus points such as firewalls, routers and servers. And they can bring a network up or down for operational needs, maintenance or upgrades, in line with corporate policy when under attack - or on their own whim.

The question is: Should an organization let one individual in the technical area make critical decisions, many of which should be made by management or based on policy? Many security decisions affect the company's ability to do business. You need to decide whether putting that authority into the hands of one person who may be a new employee, a marginally competent worker or a staff member with questionable loyalty is a smart thing to do.

The majority of commercial off-the-shelf software in use today follows the single-man rule. That is, the administrator makes the technical decisions and administrative choices without a sanity check, oversight or a technical sign-off. If there are two or more people with root authority, they may share the authority, but there are no embedded hierarchical controls or oversight. Security products contain logs for later analysis, and perhaps someone finds the time to examine them, but the person with root control can also modify or erase them.

As companies grow, the complexity of security management increases dramatically. Questions arise regarding who runs which pieces of the network, under which criteria, and how they are overseen by corporate policy or management. This has prompted vendors and users to take a hard look at the concept of the two-man rule.

Here are some options for implementing the two-man rule in network administration to ensure policy compliance, avoid errors and omissions, and keep an eye on the all-powerful networked insider:

Create a hierarchy of security-related operations that can be decided by one or two people. Determine which can be done without senior management's electronic approval and which require approval before they can be implemented.

Create a security log file that requires at least two people to open - one of whom must be a senior manager.

Choose which security functions must be performed by two people within a given period of time. For example, if Administrator A doesn't approve Administrator B's decision within X period of time, the change reverts to its original condition.
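
The first and third options above can be sketched as a small change-control gate. This is an added example, not code from the article or from any product; the operation names, the DualControlConfig class, the role labels and the setting keys are hypothetical, and time is passed in explicitly as seconds so the revert behavior is easy to follow.

```python
from dataclasses import dataclass

# Hypothetical policy tiers (assumed names): who must co-sign each operation.
POLICY = {"rotate_log": "single", "firewall_rule": "second_admin",
          "disable_perimeter": "senior_manager"}

@dataclass
class Change:
    op: str
    old: object       # value to restore if nobody co-signs in time
    proposer: str
    deadline: float

class DualControlConfig:
    """Config store where sensitive changes stay provisional until co-signed."""

    def __init__(self, settings, roles, window):
        self.settings = dict(settings)
        self.roles = roles      # user -> "admin" or "senior_manager"
        self.window = window    # the article's "X period of time", in seconds
        self.pending = {}       # setting key -> Change awaiting approval

    def apply(self, user, op, key, value, now):
        self.expire(now)
        if key in self.pending:
            raise PermissionError("a change to " + key + " is already pending")
        old = self.settings[key]
        self.settings[key] = value          # takes effect provisionally
        if POLICY[op] != "single":
            self.pending[key] = Change(op, old, user, now + self.window)

    def approve(self, user, key, now):
        self.expire(now)
        change = self.pending.get(key)
        if change is None:
            return False                    # nothing pending, or already reverted
        if user == change.proposer:
            raise PermissionError("proposer cannot approve their own change")
        if POLICY[change.op] == "senior_manager" and self.roles.get(user) != "senior_manager":
            raise PermissionError("senior manager approval required")
        del self.pending[key]               # change is now permanent
        return True

    def expire(self, now):
        # Revert every provisional change whose approval window has passed.
        for key, change in list(self.pending.items()):
            if now >= change.deadline:
                self.settings[key] = change.old
                del self.pending[key]
```

In a real deployment the expire step would run on a timer held outside the proposing administrator's control, so that a change which is never countersigned still reverts.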

With new security management tools on the market, truly security-aware organizations will want to consider how much power they delegate to single individuals in the technical staff who can make errors or be malicious. Enough cases are showing up to support the studies that suggest more than 60% of security incidents are precipitated or abetted by insiders. It's worth looking into how your network management configuration can be tailored for the two-man rule.

Schwartau is president of Interpact, a security awareness consulting firm and author of several books, including the recent CyberShock. He is also co-founder of and founder of He can be reached at
