ALLOWING UNLIMITED ADMIN PRIVILEGES IS LIKE GIVING AWAY THE KEYS TO THE KINGDOM!
Attackers have a variety of methods to gain the initial foothold on a target computer. Some methods work against users operating with Standard privileges, but often the foothold is gained by exploiting vulnerabilities (either known or unknown) that are only exploitable if the user is operating with Admin privileges.
In either case, if a bad guy can get access to one computer that has local Admin privileges, they most likely have everything they need to “own” your whole network – in many cases regardless of whether the machine is currently connected to the network or not.
Privileged accounts are the “keys to the kingdom,” making them the top target of any attacker seeking to gain access and move anywhere within your network.
“First, attackers gain a foothold in the network by any means possible, often through exploiting an end-user computer then working to elevate their privileges by compromising a privileged account, which allows attackers to operate on a network as if they are a trusted IT administrator,” – Black Hat 2016: Hacker Survey Report.
How Can Malicious Actors Gain Access to Your Network Through Only One Computer?
Windows caches account credentials by default, allowing users to log in even if a network server (domain controller) isn’t present to authenticate the request. Once a malicious actor gains access to a computer where a network administrator has previously logged on, they can use local Admin privileges to potentially retrieve a copy of the password for highly privileged network administrator accounts. In a short amount of time they can have a valid Network Administrator account with access to anything and everything on the network. The worst part is that, because they are accessing the network with a valid account, chances are slim that anyone would ever know that they were there. Therefore, the “chaining and linking” of Admin rights through.
“This is your weakest link – through one machine you’re ‘owned’, and you don’t even know it.”
-DefCon24
Strengthen Network Security by Implementing “Least Privilege”
The attack surface of any network can be greatly reduced by only allowing users to run as Standard Users.
Only giving users access to what they need to do their job is a key to the success of keeping your environment secure and is the practical application of a fundamental best security practice called ‘least privilege’. The principle of least privilege is a methodology in which privileges are only approved and granted when they are necessary to do a specific task or job. This makes the job for hackers much harder because it limits the chances for an attacker to compromise your entire network by targeting your typical users.
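One way to check a single Windows host for the two conditions discussed above, who holds local Admin rights and whether domain logons are cached, is shown below as an added PowerShell example; it is not from the original article or from any vendor's product. The function names are hypothetical, and treating only the built-in Administrator (RID 500) and Domain Admins (RID 512) as expected members is an assumption to adjust to your own policy.

```powershell
# Added example: audit one Windows host for local Admin membership and the
# cached-logon setting. Run it on the machine being checked (PowerShell 5.1+).

function Get-LocalAdminExposure {
    [CmdletBinding()]
    param()

    # S-1-5-32-544 is the well-known SID of the built-in Administrators group;
    # using the SID avoids problems with localized group names.
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop

    foreach ($m in $members) {
        $sid = $m.SID.Value
        # Assumption: RID 500 (built-in Administrator) and RID 512 (Domain Admins)
        # are the only members expected by default; everything else needs review.
        $expected = ($sid -match '-500$') -or ($sid -match '-512$')
        [pscustomobject]@{
            Computer        = $env:COMPUTERNAME
            Member          = $m.Name
            ObjectClass     = $m.ObjectClass      # User or Group
            PrincipalSource = $m.PrincipalSource  # Local, ActiveDirectory, ...
            Review          = -not $expected      # True = justify or remove
        }
    }
}

function Get-CachedLogonSetting {
    # CachedLogonsCount controls how many domain logons Windows keeps cached
    # for offline sign-in. It is stored as a string; the Windows default is 10.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $raw = (Get-ItemProperty -Path $key -Name CachedLogonsCount `
                -ErrorAction SilentlyContinue).CachedLogonsCount
    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        CachedLogonsCount = if ($null -ne $raw) { [int]$raw } else { $null }
    }
}

# Members that need a justification are listed first.
Get-LocalAdminExposure | Sort-Object Review -Descending | Format-Table -AutoSize
Get-CachedLogonSetting | Format-List
```

Every row with Review set to True is an account or group that holds local Admin rights beyond the defaults and is a candidate for demotion to Standard User.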
Reducing Admin Privileges is Essential
By limiting Admin privileges you’ll be reducing your attackers’ target from the “side of a barn” to a bottlecap.
By using our privilege access management service, privileges can be managed in real-time and not at the expense of user productivity.
Easy to implement, easy to use
Completely automate privilege elevation for many tasks without the user giving it a second thought. Other requests will be communicated directly to engineering staff, who are now armed with tools to quickly evaluate, validate, and approve requests lightning fast, in some cases in mere seconds.
As with the implementation of any new technology there is an expense – the technology itself and the time and labor to deploy, configure, and implement the necessary changes.
The Real Question Is: Can you afford the cost of continuing to allow even one user to have unlimited Admin privileges? Is it worth the worry and risk?
Source: csonline.com