In continuation of our small business series, this article delves into the topic of restricting admin privileges.
Before delving into the details, let’s familiarise ourselves with the terms we’ll encounter throughout this post.
Key terms
Admin privileges on a PC grant control over system settings, software installations and file access. It’s like having keys to every room; you can make changes, install or remove programs and access all files. It ensures control and responsibility for managing the computer effectively and securely.
Privilege escalation on a PC refers to gaining higher access rights than originally assigned. It’s akin to moving from a guest to a manager; you can access more features, manipulate system settings and potentially compromise security if misused. It’s a critical security concern, often exploited by malicious actors.
Lateral movement on a PC involves moving horizontally across a network after initial access. It’s like exploring different rooms in a building; once inside, you can move from one room to another, accessing more resources and potentially compromising additional systems. It’s a tactic used in cyberattacks to expand control and gather information.
Ransomware is like a digital kidnapper; it encrypts your files, holding them hostage until you pay a ransom. Once it infiltrates your PC, it spreads rapidly, locking files and demanding payment for decryption keys. It’s a severe threat, causing data loss and financial harm, often requiring professional intervention for recovery.
One of the primary tools both hackers and ransomware leverage is the capacity to execute actions demanding admin privileges.
With this access, they gain complete control over the system, enabling them to execute tasks such as disabling antivirus software or downgrading security settings.
This facilitates their movement within the system.
If they infiltrate a system with limited privileges, they’ll seek methods for privilege escalation to elevate their access.
This could involve exploiting weak admin passwords or employing more sophisticated techniques.
In my experience, about 80 per cent of the new devices I encounter have users designated as local administrators.
This grants them significant control over the machine, making them prime targets if the device is compromised.
As a system administrator, I’ve noticed that many IT professionals struggle to relinquish this privilege, often believing they can outsmart any potential attacks and avoid clicking on suspicious links.
However, the reality is that malware is far more sophisticated than most users, capable of swiftly identifying and exploiting multiple vulnerabilities within seconds.
In Windows Active Directory domains, it’s common for the IT team members to have membership in the Domain Admins group or possess local admin access, granting them extensive control over every device within the network.
This scenario sets the stage for lateral movement: when an Administrator account is compromised, both threat actors and ransomware can freely navigate the network, infecting machine after machine, encrypting all files, and holding them for ransom.
To combat the security risks associated with privileged access, we can follow the guidelines outlined in the Australian Cyber Security’s Essential Eight, specifically the principle of ‘restrict administrative access’.
This involves ensuring that all users, including IT staff, only have local user rights on their devices.
This means they cannot perform any type of administrative tasks. Instead, a separate admin account with a strong password should be used exclusively by IT staff for administrative activities such as software installation and maintenance tasks.
By implementing this approach, we can significantly hinder and prevent threat actors, malware and ransomware from spreading and causing widespread infection.
While it’s important to acknowledge that no security measure is foolproof, creating barriers and obstacles can greatly enhance network and client protection.
Even at home, adopting a similar strategy can bolster security.
Setting family members, including oneself, to local user status and safeguarding the admin password can provide control over software installations and protect against potential risks.
To all administrators and IT professionals, I urge you to embrace this approach.
By relinquishing administrative privileges and adopting a user-centric mindset, you can enhance security and safeguard both your networks and yourselves.
Thank you for taking the time to explore this technical overview. I trust you found it insightful.
Should you have any questions or comments, please don’t hesitate to reach out via email at askatech@mmg.com.au. Your feedback is always appreciated.