To ensure the security of systems, restricting administrative privileges is a crucial strategy and an essential component of the Australian Government’s Essential Eight recommendations.
Restricting administrative privileges prevents users from making significant changes to their operating system configuration, bypassing critical security settings, and accessing sensitive data. It also prevents domain administrators from controlling entire network domains, including all workstations and servers within the network.
The Risks of Administrative Privileges.
Malicious actors often exploit vulnerabilities in workstations and servers by using malware to elevate privileges, spread to other hosts, hide their existence, persist after reboot, obtain sensitive data, or resist removal efforts. Restricting administrative privileges counters these risks effectively, because it becomes much harder for malicious actors to operate. Moreover, environments where administrative privileges are restricted are generally more stable, predictable, and easier to manage.
Let’s Talk About Ineffective Approaches to Restricting Administrative Privileges.
Companies often think they have this area covered, undertaking certain actions that may appear to protect their system administrators when in fact they don't go far enough and can lead to a false sense of security. These include:
- minimising the total number of privileged accounts
- temporarily allocating administrative privileges to user accounts
- placing standard user accounts in user groups with administrative privileges.
So keep this in mind when planning your strategy, and reach out to us at Cloud Connect if you have any questions or concerns about your current approach.
Effective Ways to Restrict Administrative Privileges.
To effectively restrict administrative privileges, organisations should take the following steps:
1. Identify the tasks that require administrative privileges to be performed.
2. Validate which staff members are required and authorised to carry out those tasks as part of their duties.
3. Create separate attributable accounts for staff members with administrative privileges, ensuring that their accounts have the least number of privileges needed to undertake their duties.
4. Regularly revalidate staff members' requirements to have a privileged account, and revalidate immediately when they change duties, leave the organisation, or are victims of a cyber security incident.
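The four steps above can be turned into a repeatable audit. The following is an added example, not code from the original article or from Cloud Connect: it models a privileged-account inventory and flags accounts that break one of the steps (a daily-use account sitting in an administrative group, privileges not justified by an authorised task, revalidation overdue, an owner who has left, or a privileged account with internet access). The privileged group names, the task-to-group mapping, the 90-day revalidation interval and the sample inventory are all constructed assumptions; in practice the inventory would be exported from the directory and HR records.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Set, Tuple

# Assumed policy values (not from the article): which groups count as
# privileged, which tasks justify which groups, and the revalidation interval.
PRIVILEGED_GROUPS = {"Domain Admins", "Server Operators", "Workstation Admins"}
TASK_GROUPS = {
    "patch servers": {"Server Operators"},
    "manage workstations": {"Workstation Admins"},
    "manage domain": {"Domain Admins"},
}
REVALIDATION_PERIOD = timedelta(days=90)


@dataclass
class Account:
    name: str                       # logon name
    owner: str                      # staff member the account is attributable to
    groups: Set[str]                # directory group memberships
    is_admin_account: bool          # dedicated admin account, separate from the daily-use login
    authorised_tasks: List[str]     # tasks the owner is validated to perform (steps 1-2)
    last_revalidated: Optional[date] = None
    owner_employed: bool = True
    internet_allowed: bool = False


def audit(accounts: List[Account], today: date) -> List[Tuple[str, str]]:
    """Return (account, finding) pairs for every privileged account that
    breaks one of the steps above. Accounts with no privileges are skipped."""
    findings = []
    for a in accounts:
        held = a.groups & PRIVILEGED_GROUPS
        if not held:
            continue  # standard account with no administrative privileges
        # Step 3: daily-use accounts must not carry administrative group membership
        if not a.is_admin_account:
            findings.append((a.name, "standard-account-in-admin-group"))
        # Steps 1-3: every privilege must be justified by an authorised task, and no more
        if not a.authorised_tasks:
            findings.append((a.name, "no-authorised-task"))
        else:
            required = set().union(*(TASK_GROUPS.get(t, set()) for t in a.authorised_tasks))
            if held - required:
                findings.append((a.name, "privileges-beyond-authorised-tasks"))
        # Step 4: revalidation overdue (or never done), or the owner has left
        if a.last_revalidated is None or today - a.last_revalidated > REVALIDATION_PERIOD:
            findings.append((a.name, "revalidation-overdue"))
        if not a.owner_employed:
            findings.append((a.name, "owner-has-left"))
        # Additional control: privileged accounts should not have general internet access
        if a.internet_allowed:
            findings.append((a.name, "internet-access-allowed"))
    return findings


# Constructed sample inventory (not real directory data).
TODAY = date(2024, 6, 1)
SAMPLE_ACCOUNTS = [
    Account("jsmith", "J. Smith", {"Domain Users"}, False, ["patch servers"]),
    Account("jsmith-adm", "J. Smith", {"Server Operators"}, True, ["patch servers"], date(2024, 4, 15)),
    Account("alee", "A. Lee", {"Domain Users", "Domain Admins"}, False, ["manage domain"], date(2024, 5, 1)),
    Account("alee-adm", "A. Lee", {"Domain Admins", "Workstation Admins"}, True, ["manage domain"], date(2023, 11, 1)),
    Account("bkhan-adm", "B. Khan", {"Workstation Admins"}, True, [], None, owner_employed=False, internet_allowed=True),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_ACCOUNTS, TODAY):
        print(f"{name}: {finding}")
```

Run against the sample inventory, only the cleanly separated `jsmith-adm` account passes every check; `alee` shows the "standard account in an admin group" anti-pattern from the list above, `alee-adm` holds a group no authorised task requires and is overdue for revalidation, and `bkhan-adm` belongs to someone who has left. Feeding the audit from a scheduled directory export is what turns step 4 from a good intention into a routine control.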
Additionally, companies can go one step further by strictly limiting a privileged administrator’s access to the internet – to only what is required to undertake their duties.
You can visit the Australian Cyber Security Centre for more information, and if your business needs assistance with reviewing your security systems or implementing any of the Essential Eight strategies, please don't hesitate to call us on (08) 94814988 or email firstname.lastname@example.org. Stay tuned for more insights as we continue our journey through the Essential Eight!