"[The Principle of Least Privilege] requires that each subject in a system be granted the most restrictive set of privileges (or lowest clearance) needed for the performance of authorized tasks. The application of this principle limits the damage that can result from accident, error, or unauthorized use."
Department of Defense (DOD-5200.28-STD), also known as the Orange Book
In a least privilege environment, users have the privileges necessary to perform their duties only when they need them. Every time a user is granted privileges that go beyond what is required for a specific task, the system is put at risk. In a Windows least privilege environment, end users are not entitled to local administrator or even power user status. However, users still need to run custom, in-house and third-party applications that require local administrator privileges, and to manage their own printer, system time and other selected computer settings. Until BeyondTrust Privilege Manager, the only answer to this problem has been to make each user a member of the Administrators group and provide them with Administrator login credentials.
Implementing Least Privilege with BeyondTrust Privilege Manager:
Privilege Manager allows network administrators to attach permission levels to Windows applications. When an end user is not running an authorized task, administrative permissions are not available, which is a critical component of a successful least privilege management model.
More Information
For more information about BeyondTrust Privilege Manager, sign up for a webinar.