Tuesday, January 23, 2018

Top three considerations when limiting local administrator rights

Ideally we would always remove administrator rights from all users. But in the real world, we unfortunately must deal with years of technical debt and poor architecture decisions that make the complete elimination of administrator rights difficult (or financially non-viable) for many organizations. So when faced with the task of prioritizing the removal of admin rights from users, where should you start?

There are many things to consider when removing administrator rights and these won’t apply to everyone (for instance some organizations are dealing with specific legacy software that requires admin rights).  But when working with clients Rendition Infosec uses these considerations as our top three.
1. Users with access to sensitive information
2. Users that use the machine to surf the Internet or open email attachments
3. Machines that have direct Internet access

Read the rest of the post (along with remediation thoughts) on the Rendition Infosec corporate blog.