Security Fundamentals - Part 3: Controlling Admin Privileges
by Tim, on 14/12/2018 12:22:00 PM
In Part 2, the importance of a well-maintained and well-structured hardware and software inventory and the benefits of vulnerability management was explained. The next step in the process of getting on top of security basics is gaining control of the environment. This step should be easier and more efficient if the earlier steps of creating a comprehensive inventory were completed.
The reason why controlling administrative privileges is important to an organisation is that over privileged accounts are a useful method for an attacker move inside the organisation’s network. The other benefits of this control are easier oversight of administrator actions and a lower probability of an administrator’s account being compromised.
Controlling administrative privileges involves not only applying the principle of least privilege but ensuring that separate administrator accounts are used and different from the business as usual accounts, ensuring administrator accounts do not have access to email or other messaging platforms and ensuring passwords are strong. This typically requires each administrator to have two accounts, their normal user account and the administrator account.
If the hardware and software inventory was completed in parts 1 and 2, the business should be able to identify which administrative groups are required to fulfil the requirements of the business. For example, if all the servers for the HR systems are known an administrative group for the HR system can be created and the required administrative accounts can be added to the group. This allows the business to give administrative access to the HR system, without the user being able to access the Accounting system for example. If the account was compromised, the attacker would only be able to access the HR system, not the Accounting system. This has significantly reduced the impact of the breach to the business.
For the example above, assume the organisation has implemented separate user and administrator accounts. In the example, the account was compromised due to a phishing email. As the administrator account did not have access to email, the account used to read the email would have to be the standard user account. The standard user account does not have any administrative access, so again the impact has been significantly reduced.
This article touched on some basic steps to gain control of administrative privileges, which builds on parts 1 and 2. Whilst simplified examples were used in this article, the main benefits of controlling administrative privileges are both a reduction of probability and impact of an account compromise.