Understand and restrict admin access in your organization

Uday Mittal, July 15, 2019

Giving users administrator access on their work systems without justification can lead to significant business loss. A careless user may download a benign-looking file, and the next moment you may find yourself battling an organization-wide ransomware attack. Here’s a quick guide for small business owners on how to tame this dragon:

The Dragon: Administrator Access

  • High privilege access to a system.
  • A user with this access can:
    • Add or remove programs from a system
    • Enable, disable or change system settings and services
    • Create, delete or modify users
    • Read, modify or delete files for any user on the system
    • Disable or bypass security controls
    • In short, CAN DO ANYTHING on a given system

When to give Admin access?

  • When users are responsible for installing or uninstalling software from a system – Typically done by IT Support
  • For troubleshooting, enabling, modifying or disabling system settings and services – Typically done by IT Support
  • When a user needs to run certain software as administrator – must be provided on a case-by-case basis
  • When a user is traveling or needs it during a conference – must be provided on a case-by-case basis, for a limited time period, after the business requirement is duly understood

When not to give Admin access?

  • To any user without a justified business requirement. This may include, but is not limited to:
    • Users who have administrator access without needing it
    • Users on shared machines
    • Users who frequently connect their machines to outside networks (unless a justified business requirement is provided)
    • Users in senior management (unless a justified business requirement is provided)
    • Users responsible for sharing / transferring data (unless a justified business requirement is provided)

How to identify users with Admin access?

  • On Microsoft Windows:
    • Open a command prompt and type the following command:
      • net localgroup administrators (works on Windows XP and above)
  • On Apple macOS:
    • Open the Apple menu
    • Select System Preferences
    • In the System Preferences window, click on the Accounts icon.
    • In the list of accounts on the left side of the Accounts window, locate your account
    • If the word Admin is immediately below an account name, then that user is an administrator on the workstation
  • On Linux:
    • Open a terminal window and type the following command:
      • grep '^sudo:.*$' /etc/group | cut -d: -f4
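
An added example, not part of the original post: the Linux one-liner above prints only the supplementary members of the sudo group, so this script also reports accounts whose primary group is an admin group and accounts with UID 0, then compares the result with an approved list. The wheel group, the approved-list file and the sample users are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# admin_members GROUP_FILE PASSWD_FILE
# Prints every account with admin rights, one per line:
#   - supplementary members of "sudo" (Debian/Ubuntu) or "wheel" (RHEL/Fedora;
#     an assumption, the post only names "sudo")
#   - accounts whose primary group is one of those groups (they are not
#     listed in field 4 of the group file, so the one-liner misses them)
#   - accounts with UID 0
admin_members() {
    awk -F: '
        FILENAME == ARGV[1] && ($1 == "sudo" || $1 == "wheel") {
            gid[$3] = 1
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }
        FILENAME == ARGV[2] && ($3 == 0 || ($4 in gid)) { print $1 }
    ' "$1" "$2" | sort -u
}

# unapproved_admins GROUP_FILE PASSWD_FILE APPROVED_FILE
# Prints admins that are not on the approved list (one exact name per line).
unapproved_admins() {
    admin_members "$1" "$2" | grep -vxF -f "$3" || true
}

# Constructed sample data (hypothetical users), so the script runs anywhere.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/group" <<'EOF'
root:x:0:
sudo:x:27:alice,bob
users:x:100:carol
EOF
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:100::/home/carol:/bin/bash
dave:x:1003:27::/home/dave:/bin/bash
EOF
printf '%s\n' root alice > "$demo/approved"

echo "Admins:"
admin_members "$demo/group" "$demo/passwd"
echo "Not on the approved list:"
unapproved_admins "$demo/group" "$demo/passwd" "$demo/approved"
```

Point the functions at /etc/group and /etc/passwd on a real host; accounts granted rights by individual rules in /etc/sudoers are not covered by this check.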

Download the Request Administrator Access form by Yaksas CSC
