Are You Being Too Generous When Handing Out Local Admin Rights?

In a previous post, we discussed why access control isn't just about restricting network access to users with legitimate credentials. Access control should also restrict access to sensitive systems and data to specific users. When employees have free rein across the network, it’s like opening up a buffet for hackers who steal credentials. Access control should be based upon the principle of least privilege, which limits rights and permissions to those that are essential for employees to do their jobs.

One area of access control that’s often overlooked is local admin rights. A user with local admin rights can do just about anything on that particular workstation. Ideally, local admin rights are reserved for IT teams that perform updates and maintenance on user workstations. But research shows this isn’t always the case.

According to a recent survey by PolicyPak and GPanswers.com, 57 percent of respondents said their organizations assign local admin rights to a portion of their non-IT user base. The larger the organization, the more likely it is to follow this practice. The most common reason for giving local admin rights to non-IT users is that these users need to be able to install their own software. The problem with this approach is that you sacrifice security for the sake of convenience.

Giving local admin rights to non-IT users is similar to allowing all users to access all systems and data. Users with local admin rights can download applications and utilities without permission and change settings and configurations that were established by IT administrators.

Yes, local admin rights give users the freedom to control their own devices. They can get the tools, resources and functionality they require to maximize productivity and quickly respond to customer needs without IT assistance. But at what cost?

When a non-IT user can override security measures implemented by IT, operating systems become more vulnerable to attack. Simple activities such as web browsing and email can create risk. When IT is unaware of all the software installed on a particular machine, patches can be missed. Common sense tells us that organizations that don’t provide non-IT users with local admin rights are more secure than those that do.

Taking away local admin rights will probably frustrate users at first, which is why planning is important. Determine which users truly require local admin rights from a business standpoint. This will likely be a very small percentage of all users. Recognize that there are politics involved in these decisions and develop flexible policies to ensure users get what they need to do their jobs with minimal delay and complexity.
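One way to start that inventory is to list who is in a workstation's local Administrators group and flag anyone who is not on an approved list. The following is an added example, not part of the original post. It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets. The allowlist entries and the function name `Get-UnapprovedLocalAdmin` are hypothetical.

```powershell
# Added example: audit local Administrators membership against an allowlist.
# Assumption: the entries below are constructed samples; replace them with
# the accounts and groups your organization has approved.
$ApprovedAdmins = @(
    "$env:COMPUTERNAME\Administrator",  # built-in local account
    'CONTOSO\Domain Admins',            # constructed sample entry
    'CONTOSO\Workstation-Admins'        # constructed sample entry
)

function Get-UnapprovedLocalAdmin {
    param(
        [Parameter(Mandatory)] [object[]] $Members,
        [string[]] $Approved = @()
    )
    foreach ($m in $Members) {
        # -notin compares case-insensitively, which matches how Windows
        # treats account names.
        if ($m.Name -notin $Approved) {
            [pscustomobject]@{
                Computer    = $env:COMPUTERNAME
                Name        = $m.Name
                ObjectClass = $m.ObjectClass      # User or Group
                Source      = $m.PrincipalSource  # Local, ActiveDirectory, ...
            }
        }
    }
}

# S-1-5-32-544 is the well-known SID of the local Administrators group,
# so the lookup works regardless of the Windows display language.
$members = Get-LocalGroupMember -SID 'S-1-5-32-544'

# Every row in the output is an account holding local admin rights that
# still needs a documented business justification or removal.
Get-UnapprovedLocalAdmin -Members $members -Approved $ApprovedAdmins |
    Format-Table -AutoSize
```

Groups that appear in the output grant local admin rights to all of their members, so their membership needs the same review.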

If you implement local admin rights restrictions when you roll out system upgrades, the changes may seem more reasonable to employees. Of course, at the end of the day, temporary employee grumbling is a far less severe consequence than a major data breach.

A local admin account is a type of privileged account that’s a popular target for hackers. Hackers who are able to steal administrator credentials can use one compromised workstation to move across the network and gain access to sensitive systems and data. In the next post, we’ll discuss privileged accounts, related security threats, and best practices for privileged account management.

