This is the final blog in our series on the ASD Essential Eight, and we’ve kept a crucial element for last – administrative privilege management. Users who are given administrative access to your networks can modify security settings, as well as access or exfiltrate your sensitive data.
However, privileged accounts are a necessary part of managing enterprise networks. In this article, we explain how to develop a policy that defines how your business manages privileged accounts, and how to overcome some of the common challenges in deploying such a policy.
What to consider when managing privileged accounts?
First, it is important to identify tasks that require administrative access.
Second, identify the users whose job role requires them to do those tasks. Administrative accounts should not be given to staff purely on the basis of seniority or job title; they should be provisioned when a staff member needs them to perform their job function. Once you have established which users require privileged accounts, create a separate, attributable account for each of these users.
It is important to keep track of which users are doing what on your network. By tying each user to their own administrative account, it is possible to create an audit trail for each individual.
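As an added example (not code from this article or from The Missing Link), the review described above can be expressed as a check of a privileged-account register against an approved mapping of job roles to administrative tasks. The register, the role-to-task map, the account names and the 90-day review interval are all constructed sample data; the same check also applies the later point that privileges should be re-evaluated when staff change roles or leave.

```python
"""Privileged-account review against a role-to-task entitlement map.

Added example for this article, not code from The Missing Link. The account
register, the role/task mapping and the review interval are constructed
sample data; account names are hypothetical.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Step 1 (constructed): tasks that genuinely require administrative access,
# mapped to the job roles responsible for performing them.
ROLE_TASKS = {
    "sysadmin": {"patch_servers", "manage_ad_groups"},
    "dba": {"manage_databases"},
    "helpdesk": {"reset_user_passwords"},
}


@dataclass
class PrivilegedAccount:
    name: str
    owner: Optional[str]      # None: a shared account no individual is attributable for
    role: Optional[str]       # current job role of the owner; None once they have left
    tasks: set                # administrative tasks the account is used for
    mfa_enforced: bool
    last_reviewed: date


def review_account(acct, today, max_review_days=90):
    """Return a list of policy findings for one account (empty means compliant)."""
    findings = []
    if acct.owner is None:
        findings.append("shared account: not attributable to an individual")
    elif acct.role is None:
        findings.append("owner has left: account should be disabled")
    else:
        # Step 2: privileges must be justified by the owner's current role,
        # which also catches rights retained after a role change.
        excess = acct.tasks - ROLE_TASKS.get(acct.role, set())
        if excess:
            findings.append(f"tasks not justified by role '{acct.role}': {sorted(excess)}")
    if not acct.mfa_enforced:
        findings.append("multi-factor authentication not enforced")
    if (today - acct.last_reviewed).days > max_review_days:
        findings.append("review overdue")
    return findings


def review_register(register, today):
    """Map each non-compliant account name to its findings."""
    report = {}
    for acct in register:
        findings = review_account(acct, today)
        if findings:
            report[acct.name] = findings
    return report


# Constructed sample register: one compliant account, one whose owner changed
# role but kept old rights, one whose owner has left, and one shared account.
SAMPLE_REGISTER = [
    PrivilegedAccount("adm-jsmith", "J. Smith", "sysadmin",
                      {"patch_servers", "manage_ad_groups"}, True, date(2024, 5, 1)),
    PrivilegedAccount("adm-kwong", "K. Wong", "helpdesk",
                      {"reset_user_passwords", "manage_ad_groups"}, True, date(2024, 5, 1)),
    PrivilegedAccount("adm-plee", "P. Lee", None,
                      {"manage_databases"}, True, date(2024, 2, 1)),
    PrivilegedAccount("administrator", None, None, set(), False, date(2023, 1, 1)),
]
TODAY = date(2024, 6, 1)

if __name__ == "__main__":
    for name, findings in review_register(SAMPLE_REGISTER, TODAY).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

Running the block prints findings for three of the four sample accounts; the compliant `adm-jsmith` account is omitted. In practice the register would be populated from a directory export rather than hard-coded.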
How do I keep my privileged accounts secure?
The priority of an internal or external attacker when they first land on your network is to get their hands on a highly privileged account, so it’s critical that they are well secured.
One of the fundamental pillars of account security is password security. Strong passwords are vital for all users across your network, but especially so for accounts with administrative rights. Ensure strong, complex passwords and multi-factor authentication are implemented for those accounts.
The ASD recommends reducing the risk of privileged accounts being attacked directly by limiting, where possible, their access to email and the internet. This mitigates the risk of phishing attacks capturing administrative credentials.
By limiting administrative functionality to hardened workstations, separate from the day-to-day business environment, it’s possible to isolate administrative credentials from systems that may have had vulnerabilities or misconfigurations introduced by the regular operations of your business.
It is also worthwhile logging administrative activity on your network to ensure there is an audit trail if anything does go wrong.
Finally, ensure the requirement for staff members to have privileged accounts is frequently re-evaluated, especially when they change roles, are involved in cyber security incidents or leave the organisation!
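As an added example (not code from this article or from The Missing Link), the audit trail of administrative activity mentioned above can be checked against two of the policy points in this section: every privileged action should come from an attributable, individual account, and it should originate from a hardened administrative workstation. The key=value log format, the hostnames, the account names and the owner map are constructed for this demonstration.

```python
"""Audit-trail check over administrative activity logs.

Added example, not part of the original article. The log format, hostnames,
account names and owner map are constructed sample data.
"""
import re

# Constructed: administrative accounts that are attributable to a named person.
ACCOUNT_OWNER = {"adm-jsmith": "J. Smith", "adm-kwong": "K. Wong"}

# Constructed: hardened administrative workstations, the only hosts from which
# privileged actions are expected to originate.
ADMIN_WORKSTATIONS = {"PAW-01", "PAW-02"}

# Constructed sample log: timestamp followed by key=value fields.
SAMPLE_LOG = """\
2024-06-03T09:12:44Z host=PAW-01 user=adm-jsmith action=add_group_member group=DomainAdmins target=svc-backup
2024-06-03T09:15:02Z host=LAPTOP-117 user=adm-kwong action=reset_password target=bsmith
2024-06-03T09:20:31Z host=PAW-02 user=administrator action=disable_audit_policy
2024-06-03T09:21:07Z host=PAW-02 user=adm-kwong action=reset_password target=cjones
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one log line into a dict of fields plus its timestamp."""
    timestamp, _, rest = line.partition(" ")
    fields = dict(KV.findall(rest))
    fields["timestamp"] = timestamp
    return fields


def check_event(event):
    """Return policy alerts for one administrative action."""
    alerts = []
    user = event.get("user", "")
    action = event.get("action", "?")
    host = event.get("host", "?")
    if user not in ACCOUNT_OWNER:
        # A shared or generic account breaks the per-individual audit trail.
        alerts.append(f"{event['timestamp']}: action '{action}' by non-attributable account '{user}'")
    if host not in ADMIN_WORKSTATIONS:
        # Credentials were used from a host outside the hardened admin environment.
        alerts.append(f"{event['timestamp']}: {user} performed '{action}' from non-hardened host {host}")
    return alerts


def audit(log_text):
    """Run check_event over every non-empty line of the log."""
    alerts = []
    for line in log_text.splitlines():
        if line.strip():
            alerts.extend(check_event(parse_line(line)))
    return alerts


def attribute(log_text):
    """Audit trail: (timestamp, person, action) for each logged admin action."""
    trail = []
    for line in log_text.splitlines():
        if line.strip():
            event = parse_line(line)
            person = ACCOUNT_OWNER.get(event.get("user"), "UNATTRIBUTED")
            trail.append((event["timestamp"], person, event.get("action", "?")))
    return trail


if __name__ == "__main__":
    for alert in audit(SAMPLE_LOG):
        print(alert)
```

On the sample log this raises two alerts: a password reset performed from an ordinary laptop rather than a hardened workstation, and an audit-policy change made under the shared `administrator` account, which cannot be tied to an individual.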
What are the downsides to restricting administrative privileges?
There may be pushback from employees who are not granted administrative access or have their existing access removed. Ensure the criteria for privileged accounts are understood by employees and consistently applied across the organisation.
The ASD recommends that employees are given the least amount of administrative privileges required to perform their role.
Maintaining your policy
Once your policy is complete and has been fully endorsed by the business, it’s time to share the plan with the relevant people so that you can manage it. Regular maintenance will be required by way of role management to ensure the business stays compliant. It’s easy to set systems in place and then forget about them, so regular audits should take place to ensure the cyber security protocols are being followed.
Ready to take the next steps with privilege management?
Implementing a Privilege Management solution can be daunting at any scale. At The Missing Link, our expertise in cyber security can help you put together a policy that will not only secure your administrative privilege management but help work towards future-proofing your security so that your business can continue to grow. Contact us today to get started.