Page 43 - Cyber Warnings
Security Hardening of Windows by Reducing Privileged Access
By Derek Melber, Technical Evangelist, ManageEngine
As I tour the world helping Active Directory administrators, auditors and security professionals
secure their Windows environment, I often get questions about privileged access. The questions
usually are about how privileges are granted and how an organization can know if its privileges
are correct.
These are great questions, considering how many attacks on Windows there have been in the past
five to seven years. It is important to see that privileged access is usually at the core of
these attacks.
There are many ways to grant privileges in a Windows environment. Granting privileges is
rather easy. Reporting and analyzing the current privileged access, however, can be a bit
harder.
There is no centralized location that shows an administrator or auditor the current privileged
access. Understanding the different technologies and features that grant privileged access is
the first step.
Then, for each area where privileges can be granted, there are five steps that should be taken
to ensure ongoing privileged access security. Those steps include:
Reporting on the current settings
Analyzing the settings to understand who has privileged access
Configuring the correct privileged access
Monitoring for changes to privileged access
Alerting, in real time, for key privileged access changes
The technologies and features in a Windows environment that grant privileged access include:
Group membership
User rights
Access control lists or permissions
Delegation
Group Membership
Depending on how a group is configured in the environment, membership in it can carry the
highest level of privileges or just a few privileges. For example, the Domain Admins group has
nearly the highest level of privileges in the entire Active Directory domain. Just adding a user
to this group grants this level of privilege.
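The reporting and analyzing steps above, applied to group membership, as an added example that is not from the original article: it flattens nested membership of Domain Admins and compares the result with an approved baseline. It goes beyond the direct-membership case in the text by following nested groups. All account names, the nested group names, the baseline and both function names are constructed for illustration.

```powershell
# Added example: report effective membership of a privileged group and flag
# drift from an approved baseline. Every name below is constructed sample data.

# Constructed sample: direct members of each group (stand-in for a directory export).
$DirectMembers = @{
    'Domain Admins'   = @('alice.admin', 'Tier0-Operators')
    'Tier0-Operators' = @('bob.ops', 'Helpdesk-Leads')
    'Helpdesk-Leads'  = @('carol.help', 'Tier0-Operators')   # nesting loop, handled below
}

# Constructed baseline: accounts approved to hold Domain Admins privileges.
$ApprovedBaseline = @('alice.admin', 'bob.ops')

function Get-EffectiveMember {
    param(
        [Parameter(Mandatory)] [string]    $Group,
        [Parameter(Mandatory)] [hashtable] $Directory
    )
    $cmp        = [System.StringComparer]::OrdinalIgnoreCase
    $seenGroups = [System.Collections.Generic.HashSet[string]]::new($cmp)
    $users      = [System.Collections.Generic.HashSet[string]]::new($cmp)
    $queue      = [System.Collections.Generic.Queue[string]]::new()
    $queue.Enqueue($Group)
    while ($queue.Count -gt 0) {
        $current = $queue.Dequeue()
        if (-not $seenGroups.Add($current)) { continue }   # already expanded: stops loops
        foreach ($member in $Directory[$current]) {
            if ($Directory.ContainsKey($member)) { $queue.Enqueue($member) }  # nested group
            else { [void]$users.Add($member) }                                 # user account
        }
    }
    $users | Sort-Object
}

function Compare-PrivilegedMembership {
    param([string[]] $Current, [string[]] $Baseline)
    [pscustomobject]@{
        Unapproved = @($Current  | Where-Object { $_ -notin $Baseline })  # review these
        Missing    = @($Baseline | Where-Object { $_ -notin $Current })   # gone since baseline
    }
}

$effective = Get-EffectiveMember -Group 'Domain Admins' -Directory $DirectMembers
$drift     = Compare-PrivilegedMembership -Current $effective -Baseline $ApprovedBaseline
"Effective Domain Admins: $($effective -join ', ')"
"Not in baseline:         $($drift.Unapproved -join ', ')"
```

Against a live domain, the ActiveDirectory module's `Get-ADGroupMember -Identity 'Domain Admins' -Recursive` returns the flattened membership directly, and its SamAccountName values can be passed as `-Current`.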
43 Cyber Warnings E-Magazine – February 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide