Whitepapers
-
Resources
Privileged Access Threat Report 2019
Find out about the latest major security threats facing companies and how to truly defend your business from inside and out.
Download the ReportOn the Blog
News
Find out about the latest major security threats facing companies and how to truly defend your business from inside and out.
Download the ReportThere are many reasons why it’s a good idea to run without admin rights, but for a recent webinar by Avecto, I narrowed it down to my top 5 reasons why it’s important to do so.
You can hear more about these on the on-demand webinar and see real examples of ethical hacking, where I show you some actual scenarios of vulnerabilities in the Windows OS.
When talking about security, I always talk about proactive and reactive measures. Both are needed, but the proactive measures are much more important. This includes things like software whitelisting, managing permissions and firewalls. These protection layers keep the computer clean and efficient.
Reactive measures like anti-malware and blacklisting are usually late to the party – but should be layered on top of proactive prevention, just in case something gets through. Here we’re talking about proactive measures – removal of admin rights (and the effective management of user rights using privilege management technology) to secure your business PCs – and the 5 big reasons why it can’t be avoided.
As your computer can’t differentiate between good and bad software, the only way to prevent the installation of malware is to prevent installations as a whole. So in this case, your standard everyday user shouldn’t be able to install software that affects the whole computer. Many people think that with UAC in Windows 7 and 8, there is no need to limit user admin rights. This is a myth and is far from the truth! In the on demand webinar, I demonstrate why.
I have recently seen code written by an 11 year old that configures the PC to run as a wireless access point, which can bypass UAC.
A limited user cannot write files or entries in places where admins can. Ultimately this means that by removing admin rights, your PCs are cleaner and more stable, with a longer lifespan. Usually people tell me that they reinstall their Windows OS every 6 months or every year to keep the machine running effectively. Without admin rights, there’s no need to do this. Less reinstallations means less help-desk impact, and less cost.
An admin user can turn off your protective measures. They can disable your firewall, antivirus, encryption, Group Policy and more. And if the admin is running malware, the malware can do the same.
Shockingly, all big zero-day attacks reported in the media from 2010-2013 required admin rights! Malware could never affect the computer in the first place without admin rights.
Microsoft’s own Security Policy states that a user in the local admin group can manage the computer 100%. There is no way of controlling administrators with Group Policy. They can do what they want, full stop.
They can deny the system from reading policies – and if you deny the rules, you don’t have to obey them! Watch the webinar to see how it’s done. Removing admin rights and running with standard users removes this risk immediately.
Your network is only as secure as its weakest link. One computer on the domain running admin rights is a hole that compromises the entire network. I demonstrate how admins can inject bait into a PC using a security gap, run with the highest privileges and bypass UAC to gain access to the whole network.
My top tips for removing admin rights:
Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.