A Practical Guide to Cyber Security for Small Businesses by Nick Ioannou
Author:Nick Ioannou [Ioannou, Nick]
Language: eng
Format: azw3
Publisher: ITSM Press
Published: 2018-10-08T16:00:00+00:00
10.
Admin Privilege
The principle of least privilege can go a long way to raising your security level, because you only give access and authority that is essential for a user to carry out their job. If they are not allowed to do something malicious because system doesn’t let them, it also means they cannot be tricked into doing something malicious or giving away permission for something else to do anything malicious either. This translates to removing administrator privileges to install software for your users, and as it turns out doesn’t cost anything to implement.
User accounts that are not allowed to install software are ‘standard’ users and if they do try to install anything they are prompted to enter the credentials of an account that does have permission. If this prompt to enter admin credentials appears unexpectedly, you can be sure that something triggered it and start to investigate if anything malicious is afoot. Trusted users can know what the admin account password is, so I’m not saying to deny everyone the right to install software or make changes.
Users with admin rights can do more than install software though, they can also change passwords, add new users, change file and folder permissions, and disable security software, which means a piece of malware can do the same, if the user is tricked into running it. To help identify who in your company has admin rights, there are a couple of free Windows utilities which discover your privileged accounts on the network and generate a detailed report.
Privileged Account Discovery Tool by Thycotic
https://thycotic.com/solutions/free-windows-privileged-account-discovery-tool/
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
The Mikado Method by Ola Ellnestam Daniel Brolund(23444)
Hello! Python by Anthony Briggs(22578)
Secrets of the JavaScript Ninja by John Resig Bear Bibeault(21366)
Kotlin in Action by Dmitry Jemerov(20425)
Dependency Injection in .NET by Mark Seemann(20375)
The Well-Grounded Java Developer by Benjamin J. Evans Martijn Verburg(20264)
OCA Java SE 8 Programmer I Certification Guide by Mala Gupta(19439)
Algorithms of the Intelligent Web by Haralambos Marmanis;Dmitry Babenko(18248)
Grails in Action by Glen Smith Peter Ledbrook(17371)
Adobe Camera Raw For Digital Photographers Only by Rob Sheppard(16969)
Sass and Compass in Action by Wynn Netherland Nathan Weizenbaum Chris Eppstein Brandon Mathis(14803)
Secrets of the JavaScript Ninja by John Resig & Bear Bibeault(12768)
Test-Driven iOS Development with Swift 4 by Dominik Hauser(11204)
A Developer's Guide to Building Resilient Cloud Applications with Azure by Hamida Rebai Trabelsi(10598)
Jquery UI in Action : Master the concepts Of Jquery UI: A Step By Step Approach by ANMOL GOYAL(10435)
Hit Refresh by Satya Nadella(9126)
The Kubernetes Operator Framework Book by Michael Dame(8543)
Exploring Deepfakes by Bryan Lyon and Matt Tora(8369)
Robo-Advisor with Python by Aki Ranin(8313)
