A brief post today on an article from this morning’s Times…
The risk of IT administrators gaining access to restricted systems and resources through root or Administrator privilege is “…a dirty little secret that’s being revealed,” said Robert Bigman, a former chief information security officer at the Central Intelligence Agency, quoted today in the New York Times article “N.S.A. Leak Puts Focus on System Administrators”.
Unrestricted administrator privilege is a problem for many organizations, not just the N.S.A. But when we talk with Windows IT managers about their admins having access to systems and resources they shouldn’t have, we sometimes hear:
“Oh, we don’t have to worry about our Windows Servers! We use AD (Active Directory) for that.”
Well…most organizations sort of use AD for that, but even so, AD isn’t the primary source of the problem! It’s the Windows Local Administrator account, which is not a domain account (i.e., not an AD account), that is the root cause of most privilege violations (no pun intended) across their critical Windows systems.
Once you grant someone Local Administrator rights, they own the machine. It’s the equivalent of being ‘root’ on UNIX or Linux. And, as the article from the Times puts it, “If they can get into one part of the network with credentials for what is called ‘root access,’ they can get into almost everything else. They are known as the ‘super user.’”
What’s the answer? A big part of the answer has to be control and visibility; that is, give people the privileges they need to do their jobs, but not access to systems and resources they shouldn’t have, and securely audit their behavior.