Object History tracking for security auditing
The KACE SDA currently has no way to audit changes made to any imaging-related objects, including:
- KBEs
- System images
- Pre/Mid/Post install tasks
- Task Groups
Coupled with the "all or nothing" approach to permissions in the SDA, this creates an information gap that results in a security concern: how do you know what object or setting change was made, when it was made, and who made it?
Consider the worst case scenario: a disgruntled SDA Admin on their final day at the company adds a malicious script or application to a post-install task.
The risks that come with the current model:
1 - If you have more than one person in the image administration role, there is no way to prove accountability for this act of sabotage.
2 - If the change is not noticed immediately, there is no way to understand how far back it occurred and therefore no way to assess the true impact in terms of how many systems were imaged with the new configuration.
The KACE SMA has this functionality in the form of the Object History. Let's add it to the KACE SDA as well so that we can cover our security concerns there as well.
Bob Taylor
shared this idea