Answer

The risks of granting admin rights for Windows app management

Even though it's not a security best practice, we still give most of our Windows endpoint users admin rights so they can manage their applications without support. What are the best controls we can put in place to mitigate risks?


Have a network security question for Brad Casey? Submit it via email today! (All questions are anonymous)

By giving your end users local admin rights, you are placing a considerable amount of trust in each person, and this approach can wreak havoc within the network. It's virtually impossible these days to adequately filter out threats at the network boundary. The more risk that is accepted internally, the more work that is required at the boundary.

So while you may give end users freedom with regard to what applications they can install and run, security administrators would be wise to populate a blacklist of applications that users are forbidden to use. This should be augmented by the various publicly available blacklists that can be located with a simple Google search. An even better approach would be to use application whitelisting, policies and technology to allow only a specific set of approved applications to be used on Windows clients, but this approach can be difficult to administer and even more difficult for users to accept culturally. Also, consider putting some sort of intrusion detection system in place in order to detect malicious application activity.

Lastly, frequent auditing should be conducted at the system administration level so admins are aware of what is and is not inside their network. For example, if an audit is conducted and something like Metasploit is found on one of the local boxes, this may arouse suspicion and require further investigation. On the other hand, if a given company is a security consulting firm, it may be perfectly normal for Metasploit to reside on several boxes within the network boundary.

This was first published in December 2013
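The audit step described in the answer can be scripted per endpoint. The following PowerShell sketch is an added example, not part of the original answer: it inventories installed software, flags entries that match a blacklist, and lists who holds local admin rights. The deny patterns and the exempt host name are constructed placeholders, and `Find-DeniedSoftware` is a hypothetical helper name.

```powershell
# Added example (not from the original answer). The patterns and host names
# below are constructed placeholders; replace them with your own policy.
$DenyPatterns = @('*Metasploit*', '*uTorrent*')   # constructed sample blacklist
$ExemptHosts  = @('PENTEST-LAB-01')                # hosts where such tools are expected

function Get-InstalledSoftware {
    # Read the 64-bit and 32-bit per-machine uninstall keys. This avoids
    # Win32_Product, which triggers an MSI consistency check on every query.
    # Per-user installs (HKCU) are not covered here.
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
}

function Find-DeniedSoftware {
    param(
        [object[]] $Inventory,
        [Parameter(Mandatory)] [string[]] $Patterns,
        [string]   $HostName = $env:COMPUTERNAME,
        [string[]] $Exempt = @()
    )
    foreach ($app in $Inventory) {
        foreach ($pattern in $Patterns) {
            if ($app.DisplayName -like $pattern) {   # -like is case-insensitive
                [pscustomobject]@{
                    Host     = $HostName
                    Software = $app.DisplayName
                    Version  = $app.DisplayVersion
                    Pattern  = $pattern
                    # Exempt hosts are still reported, but marked as expected.
                    Status   = if ($Exempt -contains $HostName) { 'Expected' } else { 'Investigate' }
                }
                break   # one finding per application is enough
            }
        }
    }
}

$inventory = Get-InstalledSoftware
Find-DeniedSoftware -Inventory $inventory -Patterns $DenyPatterns -Exempt $ExemptHosts |
    Format-Table -AutoSize

# Record who actually holds local admin rights on this endpoint.
# S-1-5-32-544 is the well-known SID of the built-in Administrators group,
# which works regardless of the OS display language.
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, ObjectClass, PrincipalSource
```

Run on a schedule and collected centrally, the output gives administrators the per-host view the audit calls for, with expected tooling separated from findings that need investigation.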
