A Practical Guide to Cyber Security for Small Businesses by Nick Ioannou
Author:Nick Ioannou [Ioannou, Nick]
Language: eng
Format: azw3
Publisher: ITSM Press
Published: 2018-10-08T16:00:00+00:00
10.
Admin Privilege
The principle of least privilege can go a long way to raising your security level, because you only give access and authority that is essential for a user to carry out their job. If they are not allowed to do something malicious because system doesn’t let them, it also means they cannot be tricked into doing something malicious or giving away permission for something else to do anything malicious either. This translates to removing administrator privileges to install software for your users, and as it turns out doesn’t cost anything to implement.
User accounts that are not allowed to install software are ‘standard’ users and if they do try to install anything they are prompted to enter the credentials of an account that does have permission. If this prompt to enter admin credentials appears unexpectedly, you can be sure that something triggered it and start to investigate if anything malicious is afoot. Trusted users can know what the admin account password is, so I’m not saying to deny everyone the right to install software or make changes.
Users with admin rights can do more than install software though, they can also change passwords, add new users, change file and folder permissions, and disable security software, which means a piece of malware can do the same, if the user is tricked into running it. To help identify who in your company has admin rights, there are a couple of free Windows utilities which discover your privileged accounts on the network and generate a detailed report.
Privileged Account Discovery Tool by Thycotic
https://thycotic.com/solutions/free-windows-privileged-account-discovery-tool/
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Deep Learning with Python by François Chollet(12953)
A Developer's Guide to Building Resilient Cloud Applications with Azure by Hamida Rebai Trabelsi(10346)
Hello! Python by Anthony Briggs(10193)
The Mikado Method by Ola Ellnestam Daniel Brolund(10106)
OCA Java SE 8 Programmer I Certification Guide by Mala Gupta(10041)
Dependency Injection in .NET by Mark Seemann(9580)
Hit Refresh by Satya Nadella(9013)
Algorithms of the Intelligent Web by Haralambos Marmanis;Dmitry Babenko(8585)
The Kubernetes Operator Framework Book by Michael Dame(8358)
Exploring Deepfakes by Bryan Lyon and Matt Tora(8157)
Robo-Advisor with Python by Aki Ranin(8107)
Practical Computer Architecture with Python and ARM by Alan Clements(8090)
Implementing Enterprise Observability for Success by Manisha Agrawal and Karun Krishnannair(8071)
Sass and Compass in Action by Wynn Netherland Nathan Weizenbaum Chris Eppstein Brandon Mathis(7965)
Svelte with Test-Driven Development by Daniel Irvine(7960)
Building Low Latency Applications with C++ by Sourav Ghosh(7959)
Grails in Action by Glen Smith Peter Ledbrook(7940)
Test-Driven iOS Development with Swift 4 by Dominik Hauser(7898)
Becoming a Dynamics 365 Finance and Supply Chain Solution Architect by Brent Dawson(7883)
