(Collaboration of Mike Murphy and Jake Taylor)
How can companies prevent employees from gradually, and probably inadvertently, gaining access to more systems and resources than they need? How much of a security risk is this phenomenon? What are the most effective solutions?
The answer here can be in context of access permissions (where users can go on the network), or it can be in user and application privilege (what they can do on their local machine). Arellia can speak to the latter.
Most security exploits (over 60%) against popular targets (Microsoft, Adobe, Java, Firefox) operate through privilege escalation. An exploit gains a foothold through a particular application, which then reaches files and registry keys beyond its normal function. An insider, whether innocently or with malicious intent, can gain access to the organization in a similar fashion.
When speaking in the context of an individual machine and the programs, files, and data it can access, the first thing a hacker looks for is a way to become an administrator on that machine. The average corporate laptop or workstation, unbeknownst to the end user, can have between 2 and 10 local administrator accounts. (Arellia research)
Creating an admin account is as easy as:
– Control Panel > User Accounts
– Running lusrmgr.msc
– PowerShell or Command Prompt scripts, which can create accounts when run as administrator
– Pushing a local user account from GPO/Active Directory
There are a variety of reasons why additional administrator accounts are created. Some common cases – some legitimate, some not so much – where additional admins are created:
– IT support group creates an IT Support Admin on every local machine
– Someone in an employee's household creates his/her own admin account when the corporate laptop is taken home
– Parent creates additional user accounts on their corporate laptop for their kids to use, thinking this will eliminate any security breaches to their business documents.
– IT Support team gets tired of a particular employee always calling in asking them to install a piece of software with Administrator credentials, so they give that employee the password.
– IT team gets tired of trying to remember a complex administrator username and password, so they create an admin user with a simple password.
– IT team images all the machines with the same Administrator username and password and leaves this password in place for several years. Eventually all employees have found out what those credentials are. (Real-life example)
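An added example (not Arellia's code) of how an IT team could audit a workstation for the sprawl described above: it lists the members of the local Administrators group, flags any not on an approved list, and shows whether each local account is enabled and when its password was last set (a password set years ago at imaging time stands out immediately). It assumes Windows PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module; the approved account names are constructed placeholders.

```powershell
# Added example (not Arellia's code): audit a workstation for local administrator
# sprawl and report members of the local Administrators group that are not on an
# approved list. Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts).
# The approved names below are constructed placeholders; replace with your own.

$Approved = @(
    'Administrator',                 # built-in account; keep disabled or under managed rotation
    "$env:COMPUTERNAME\IT-Support"   # hypothetical sanctioned IT support account
)

function Get-LocalAdminReport {
    param([string[]]$ApprovedMembers = $Approved)

    $members = Get-LocalGroupMember -Group 'Administrators'
    foreach ($m in $members) {
        # Strip the machine prefix so local accounts compare on the bare name too
        $bare = $m.Name -replace "^$([regex]::Escape($env:COMPUTERNAME))\\", ''
        $approved = ($ApprovedMembers -contains $m.Name) -or ($ApprovedMembers -contains $bare)

        # For local user accounts, pull account state to judge the risk
        $detail = $null
        if ($m.ObjectClass -eq 'User' -and $m.PrincipalSource -eq 'Local') {
            $detail = Get-LocalUser -Name $bare -ErrorAction SilentlyContinue
        }

        [pscustomobject]@{
            Member          = $m.Name
            Type            = $m.ObjectClass
            Source          = $m.PrincipalSource
            Approved        = $approved
            Enabled         = if ($detail) { $detail.Enabled } else { 'n/a' }
            PasswordLastSet = if ($detail) { $detail.PasswordLastSet } else { 'n/a' }
            PasswordExpires = if ($detail) { $detail.PasswordExpires } else { 'n/a' }
        }
    }
}

$report = Get-LocalAdminReport
$report | Format-Table -AutoSize

# Anything not approved is a candidate for removal (or, for domain groups, review)
$unexpected = $report | Where-Object { -not $_.Approved }
if ($unexpected) {
    Write-Warning ("{0} unapproved member(s) of local Administrators: {1}" -f `
        @($unexpected).Count, ($unexpected.Member -join ', '))
}
```

Run it elevated on a sample of workstations, or push it through your management tooling, to get a baseline count of local admins per machine before deciding what to remove.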
The security concerns with local administrator rights – whether single or multiple accounts – are several:
– Most organizations are seeing an increase in cloud-based applications and services. These are accessed through an internet browser and often utilize an ActiveX control. If an ActiveX control launches in the context of an administrative user, it is capable of exploiting security vulnerabilities in the browser and then in the entire system.
– Exploits from browsers launched by an administrator are nearly unlimited in the damage they can cause and information they can access. (See http://www.arellia.com/2012/09/19/zero-day-protection-with-privilege-management/ for comparisons of exploits by account type)
There really is no good reason for a user to always be operating in the context of an administrator. Virtually all security vulnerabilities can be avoided, or at least significantly limited, if the user is a standard user. The rare application that still needs administrator rights can then be elevated on a per-application basis.
Administrator privilege sprawl – for both users and applications – can be mitigated through the use of a privilege management tool like Arellia.
The post Human Malware – Privilege Sprawl appeared first on Arellia.