HappyHippo's avatar
HappyHippo
Contributor
4 months ago
Status:
New

Device/group deletion confirmation by another user

Request to ensure devices or groups being deleted are approved before deletion. This will allow LogMeIn to meet various security framework requirements regarding auditing. Currently, we couldn't provide this to an auditor.

 

Scenario:

Disgruntled employee deletes all computers within account. 

Unauthorised access to LMI account by external threat actor can delete devices.

 

Risks:

Loss of access to devices.

Costly  remediation/reinstall - especially depending on host device locations.

 

Mitigation:

When user 'X' deletes a device or group, it should go into a 'pending deletion' state or group. These should then be accepted or declined by another user with relevant permissions, let's say user 'Y'.

 

This will then be added to an audit report of:

  • Deletion user,
  • Confirmation user,
  • Group name,
  • Device name,
  • IP of user X and Y

 

No CommentsBe the first to comment