To ensure the security of systems, restricting administrative privileges is a crucial strategy and an essential component of the Australian Government’s Essential Eight recommendations.
By restricting admin roles and removing local admin rights, users are prevented from making significant changes to their operating system configurations, bypassing critical security settings, and accessing sensitive data. Additionally, domain administrators are prevented from controlling entire network domains, including all workstations and servers within the network.
Why remove local admin rights and restrict admin privileges?
Malicious actors often exploit vulnerabilities in workstations and servers by using malware to elevate privileges, spread to other hosts, hide their existence, persist after reboot, obtain sensitive data, or resist removal efforts.
However, by restricting admin privileges, these risks can be effectively combated, as it becomes more challenging for malicious actors to operate. Moreover, environments where administrative privileges are restricted are generally more stable, predictable, and easier to manage.
Restricting admin privileges: what works and what doesn’t?
Ineffective methods for restricting admin privileges
Companies often think they have this area covered, undertaking certain actions that may appear to protect their system and user administrators, when in fact they don’t go far enough. This can lead to a false sense of security that puts an organisation at risks. These ineffective actions include;
- Minimising the total number of privileged accounts.
- Temporarily allocating administrator privileges to user accounts.
- Placing standard user accounts in user groups with administrative privileges.
So, keep this in mind when planning your strategy, and reach out to us at Cloud Connect if you have any questions or concerns about your current approach.
Effective methods for restricting admin privileges
To effectively restrict administrator privileges, organisations should take the following steps:
- Identify the tasks that require admin privileges to be performed.
- Validate which staff members are required and authorised to carry out those tasks as part of their duties.
- Create separate attributable accounts for staff members with admin privileges, ensuring that their accounts have the least number of privileges needed to undertake their duties.
- Regularly revalidate staff members’ requirements to have a privileged account, or when they change duties, leave the organisation, or victims of a cyber security incident.
Additionally, companies can go one step further by strictly limiting a privileged administrator’s access to the internet – to only what is required to undertake their duties.
Learn more about the Essential Eight and restricting admin privileges
You can visit the Australian Cybersecurity Centre for more information on why the Essential 8 recommends you restrict admin privileges.
If your business needs assistance with reviewing your security systems or implementing any of the Essential 8 strategies, please don’t hesitate to call us on (08) 94814988 or email info@cloudconnect.tech. Stay tuned for more insights as we continue our journey through the Essential Eight!
