Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Take full advantage of new web based administration tools without the risks

November 2, 2017

  • Blog
  • Archive

Microsoft’s recent Project Honolulu announcement introduces a new method of managing Windows Server systems from a centralized HTML5 web application, moving away from the legacy MMC snap-ins. This now makes it much easier than using a command line tool for ad-hoc configuration and troubleshooting tasks that depend more on exploration and investigation rather than scripting and automation.

Giving access to web-based administration is a great way of supporting the need for mobility in the workforce, however each one of these systems can increase an organisation’s attack surface. Data breaches frequently result from poor authentication practices, weak passwords, and even unsecure remote access, which remains as the #1 method of compromise according to Trustwave’s 2017 Global Security Report. By implementing this new web-based management method, organisations could inadvertently create a significant security risk. In a worst-case scenario, a threat actor could destroy or reconfigure the whole infrastructure with a few simple clicks if this system was compromised.

But there is good news. Implementing the following simple controls allows organisations to provide remote access to these new Windows sever management tools and remain secure.

  • Multifactor authentication is an important security control for critical systems and should be implemented wherever possible. If a management console is not compatible with multifactor authentication, consider putting it behind a secure access tool that requests a second factor before providing access to the solution.
  • Network segmentation delivers a great security control, but when providing remote access it can become very complex. The goal is to make the management console "go dark", which may sound complicated but the key is to implement a system that lets users do their jobs faster and easier than they do today. Look for a solution that can provide access from anywhere, in a hardened sandboxed browser without ever exposing or publishing the management console directly out to the internet.
  • Organizations often struggle with privileged user management. Frequently, access rights aren’t removed or updated if a job function changes or a user leaves the organization. And by creating shared accounts for the onboarding of contractors and 3rd party vendors, the risk of sharing credentials and access to these types of systems is clear, with 81% of hacking related breaches using stolen and/or weak passwords according the Verizon 2017 Data Breaches Incident Report (DBIR). It’s important to deploy a solution that allows for granular control and management of privileged users – giving them the right access, to the right systems, at the right time.
  • Password management is just as important as privileged user management. Look for an enterprise password vault where credentials can be stored, rotated, and randomized so users never see them. Eliminating the visibility of credentials reduces the threat of being phished or used through another pathway.

With the drive by Microsoft and other vendors launching new tools to enable IT teams to do their jobs with more efficiency and speed, comes additional risks. By ensuring the right controls and security are implemented around all remote access pathways into your infrastructure, organisations can take full advantage of the benefits that these new tools can provide. 

Karl Lankford

Director, Solutions Engineering

Karl Lankford is the Director, Solutions Engineering, for BeyondTrust and has worked at BeyondTrust for 4 years. He has acquired a wide-range of security experience and knowledge working with companies during the last 10 years across multiple industries and is a regular speaker at industry conferences.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 25, 2021

Customer Tips & Tricks: Remote Support for Android

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.