![]() They begin first with a secure admin workstation- a computer whose only view is that it will be used for administrative access and no other purposes. In a recent blog post, Microsoft has indicated that they too reviewed their practices and thoughts regarding administrative access. There are already known tools designed to go after the LAPS solution on your network. Microsoft is continuing to improve and advance solutions to ensure that we stay one step ahead of the attackers. That’s why patch management best practices are so critical to implement. Unpatched software that can lead to privilege escalations is often just as dangerous as having the elevated rights from the get-go. Often older unpatched Office installations are a source and means for attackers to gain access to systems. Too often attackers use phishing lures to gain access to a system and then use blended vulnerabilities to elevate their rights to the system. Then there are those situations where you may have limited the user rights, but the attacker is still able gain more access in a system. Often attackers will “audit” the organization’s rights and accesses during stealthy reviews of the network and specifically target those users that perform high-level functions or have rights to highly targetable assets. Too often, after these adjustments are made, users keeps their elevated rights and they are never removed. I often seen situations where application vendors do not properly code their applications and to get the software to function as intended, a temporary workaround of increasing the rights of the user is permitted in order to have the business function. If you still have a common shared administrative password, all an attacker has to do is phish or trick a user into handing over the credentials and then the attacker can perform lateral movement in the network. In my own network, I have progressed from having a common local administrator password, as I deployed my workstations, to where I ensure I use the Local Administrator Password Solution to generate random passwords that are then saved in Active Directory. We must make it harder for attackers to laterally move throughout our networks. From domain servers, to cloud services, to workstations, the use of administrator access should only be provided on an as-needed basis. Now is the time to rethink administrator access throughout your entire organization. Simplifying auditing and compliance will assist you in the breach investigation stage. Now you need to build your network with the view that they may already be in your network and thus limit the scope of attack. We once built our networks with a hard outer shell thinking that attackers have to break in to do damage. Second, the principle strikes a balance between usability and security protections. Networks should be segmented so that damage can be isolated and contained. Don’t make it easy for attackers to perform lateral movement throughout the network in the blink of an eye. ![]() You should review your network for two major concepts:įirst, you should design your network such that users only have the rights and access they need to do their job. Recently, my own cyber insurance carrier mandated that I ensure that I have “ multi-factor authentication protection on all network administrator accounts and any other user accounts with elevated permissions within my network.” Why is the principle of least privilege so important?Īttackers are consistently looking for ways to elevate privileges to go from mere user to domain administrator. Nowadays, even cyber insurance carriers are jumping into the enforcement of least privilege. Whether you are a domain administrator or a mere user in the network, it ensures that you only have access to what you absolutely need to perform the tasks required for your role. Just like its name, least privilege means having the least number of permissions or rights necessary to perform one’s job. The principal of least privilege (POLP) is a computer security concept that limits the number of permissions or access rights a user has to IT systems. What is the principal of least privilege? But now the cyber industry is catching up and mandating implementation of least privilege. Often vendors would demand administrator rights, or worse yet, require that you be a domain administrator to install and run certain software. For many years, the concept of least privilege was foreign in a Windows network. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |