It is difficult these days to look at the news and not see an article about some major organization being compromised by some type of cyber attack. Whether it be by external hackers in a structured manner or by disgruntled employees with malicious intent, or accidently, the circumvention or destruction of security measures is on the rise. The risk to corporate reputations, customer information, intellectual property and key competitive data and other mission critical information has never been greater.

Interestingly, in every organization where Microsoft (News - Alert) is the dominant, if not sole, computing environment, there is a dangerous keyhole that can open up organizations to bad actors of all types in the form of local administrator accounts. These accounts (think about when you set up access to your computer and it asks whether you are the administrator or wish to sign on as another user with a different user profile) are sometimes created directly by users. Unfortunately, because they are local they are often hidden from IT managers’ standard tracked list of administrative accounts managed by Active Directory. This means they can be used by malware to install malicious software on local computers through the administrator account. Worse, once “in,” further penetration into an organization’s IT environment is possible and actually very likely given the attackers intent.   

Security specialists Viewfinity have a deep understanding of the risks associated with the problems arising from the compromising of local administrator accounts and have methods for helping IT managers mitigate the risks by managing privileges and closing the keyhole into their Microsoft environments. 

What are the risks?

Viewfiniy has identified the top risks arising from possible compromising of local administration rights.

• Installation of unauthorized devices and software
• Adding unauthorized users to the admin group
• Unauthorized management of administrative credentials (such as UAC password access)

They have developed a privilege management capability that gives IT managers the tools to literally view all of the activities associated with local administration, allowing them to be both proactive as well as reactive in dealing with risks arising from compromised devices and servers. The company’s Privilege Management Project enables IT managers to do such things as:

• Discover users with administrative rights
• Discover applications requiring administrative rights
• Automatically build policies
• Remove admin rights
• Policy authorization management
• Auditing and reporting for compliance validation

This type of holistic view is made all the more important because security is not just about people have privileges but on devices and applications having them as well. 

Least you believe that this seems to be not something to address with urgency, think again. Most attacks to corporate information are internal, i.e., originate behind perimeter defenses, and many occur as a result of leaky local administration accounts. All one has to do is think of the damage that can be done because of one compromised or stolen PC that contains critical information and the need to evaluate better ways of assuring the risk of such a compromise can be mitigated becomes self-evident.

Viewfinity will be the featured speakers for an insightful webinar, Using Group Policy to Manage Administrator Rights, on Tuesday, March 13, at 2 p.m. EST/ 11 a.m. PST. Find out more about: 

• Leveraging Group Policy to elevate privileges for the standard user
• Blocking applications and toolbars
• Customizing and configuring security messages to end users

This is certainly a case where the investment of a little time can have huge returns for you and your organization.