It is good practice for an organisation to manage the access privileges that users have to your systems, the information they hold and the services they provide. All users of your systems should only be provided with the privileges that they need to do their job. This principle is often referred to as ‘Least Privilege’. A failure to manage user privileges appropriately may result in an increase in the number of deliberate and accidental attacks.
Granting a user “Administrator” privileges generally means that they have unlimited access across your systems, so care must be taken over who has this type of access. To be able to manage your systems and hardware there will always be at least one Administrator.
How Can The Risk Be Managed?
Establish effective account management processes – manage user accounts from creation, through-life and eventually revocation when a member of staff leaves or changes role. Redundant accounts, perhaps provided for temporary staff or for testing, should be removed or suspended when no longer required.
Establish policies and standards for user authentication and access control – develop a corporate password policy that seeks an effective balance between security and usability. For some accounts an additional authentication factor (such as a token) may be appropriate.
Limit user privileges – users should be provided with the reasonable minimum rights and permissions to systems, services and information that they need to fulfil their business role.
Limit the number and use of privileged accounts – strictly control the granting of highly privileged system rights and review them regularly. Highly privileged administrative accounts should not be used for high-risk or day-to-day user activities, for example web browsing and email. Administrators should use normal accounts for standard business use.
Monitor – monitor user activity, particularly access to sensitive information and the use of privileged account actions. Respond where activities are outside of normal, expected bounds (such as access to large amounts of sensitive information outside of standard working hours).
Limit access to the audit system and the system activity logs – activity logs from network devices should be sent to a dedicated accounting and audit system that is separated from the core network. Access to the audit system and the logs should be strictly controlled to preserve the integrity of the content, and all privileged user access should be recorded.
Educate users and maintain their awareness – all users should be aware of the policy regarding acceptable account usage and their personal responsibility to adhere to corporate security policies.
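The checks described under “Monitor” and “Limit the number and use of privileged accounts” can be run over activity logs. The script below is an added example, not part of the NCSC guidance; the log format, account names, working hours and threshold are all assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, time

# Constructed sample records (not from the original page). Assumed format:
# ISO timestamp, account, account type, data classification, activity
SAMPLE_LOG = """\
2024-03-04T10:15:00 asmith user sensitive read
2024-03-04T11:02:00 adm-jones admin general config
2024-03-04T14:30:00 adm-jones admin general web
2024-03-05T02:10:00 bkhan user sensitive read
2024-03-05T02:11:00 bkhan user sensitive read
2024-03-05T02:12:00 bkhan user sensitive read
2024-03-05T02:40:00 asmith user sensitive read
2024-03-05T09:00:00 bkhan user general read
"""

WORK_START, WORK_END = time(8, 0), time(18, 0)  # assumed standard hours
BULK_THRESHOLD = 3             # assumed: off-hours sensitive reads per day
DAY_TO_DAY = {"web", "email"}  # activities admin accounts should not perform


def off_hours(ts):
    """True at weekends or outside WORK_START..WORK_END on weekdays."""
    return ts.weekday() >= 5 or not (WORK_START <= ts.time() < WORK_END)


def find_alerts(log_text):
    """Return sorted (rule, account, detail) tuples for an analyst to review."""
    alerts = set()
    sensitive = Counter()  # (account, date) -> off-hours sensitive accesses
    for line in log_text.splitlines():
        stamp, account, kind, label, activity = line.split()
        ts = datetime.fromisoformat(stamp)
        # Privileged account used for day-to-day activity (web, email).
        if kind == "admin" and activity in DAY_TO_DAY:
            alerts.add(("admin-day-to-day-use", account, activity))
        # Count sensitive access outside standard working hours.
        if label == "sensitive" and off_hours(ts):
            sensitive[(account, ts.date().isoformat())] += 1
    for (account, day), count in sensitive.items():
        if count >= BULK_THRESHOLD:
            alerts.add(("off-hours-bulk-access", account, f"{day} x{count}"))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(*alert)
```

A single off-hours read (asmith at 02:40) stays below the threshold and is not flagged; the threshold and working hours need tuning to each organisation's normal activity.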
Source of Information
Information taken from the National Cyber Security Centre website “10 steps to cyber security – Managing user privileges”.
Reproduced under the Open Government Licence.