IT SECURITY


Odds stacked against gaming industry IT


Philip Lieberman, founder and president of Lieberman Software, explains how threats from within a casino structure can be just as dangerous as those from outside


When it comes to handling insider security threats, gaming industry IT professionals face challenges that set them apart from peers in other markets.


• High volumes of sensitive payment and player data make your network an irresistible target for hackers and thieves.


• In an effort to administer large numbers of servers and applications with limited staff, IT groups in many large casinos choose easily-remembered, shared, never-changing passwords that leave a gaping security hole: if you know one password you might know them all.


• Casinos experience high staff turnover in prime destinations such as London, where large pools of employees handle similar tasks in businesses that are adjacent to one another. As a result some organisations lose and gain as many as hundreds of employees each week. IT professionals in these organisations also change jobs on a regular basis, giving them the opportunity to take sensitive insider knowledge out the door.


Unfortunately access standards can be nearly impossible to uphold because conventional identity and access management (IAM) systems don’t manage or control the privileged identities present on your network. Privileged identities are the so-called “super user” accounts that grant IT staff full-time, anonymous access to data and configuration settings virtually everywhere on your network:


• Privileged logins used by IT managers, helpdesk personnel, network engineers, database administrators, application developers, vendors and contractors grant unmonitored access to computer hardware, line-of-business applications, databases, directory services, and nearly every other IT asset.


• “Super-user” credentials that are often hard-wired into custom and packaged software applications grant access to databases, middleware and other application tiers. These credentials are seldom if ever changed, and can be misappropriated by developers, contractors and administrators to gain anonymous access to player and financial transaction records.


• Software service accounts can also require privileged logins to run, and unless frequently changed can provide unmonitored access to those who know the credentials.


36 MARCH 2011

