Why elevating permissions is never the answer

In IT, we’re always taught to approach the world with a sense of caution. Will this new investment be outdated before it’s up and running? Will this new way of working be a risk to our security?

But, for everyone else, productivity is king. When deadlines are approaching and IT seems to be getting in the way, it doesn’t matter what it takes – as long as the work gets done.

Continuing our look at privilege abuse and escalation, we’re answering a very simple question: if my users need admin rights, why can’t I just hand them over?


What harm can admin credentials do?

For the cybersecurity aware, it’s easy to dismiss this approach as something of a rarity. Who would trust users with such powerful credentials, particularly when visibility and accountability are so lacking?

However, the reality is that elevating permissions by turning users into administrators is often the quickest fix available for the problem of insufficient permissions.

For business teams, it’s a way to get back to business and say goodbye to one of the things that makes IT frustrating. For IT teams, despite their best efforts, it’s a tempting way to stop the phone calls and focus on more important things.

It’s a momentary task that’s good for everyone involved. In the short term.


Administrators are administrators everywhere

The big danger of making your users into administrators is that their level of control greatly exceeds the things they actually need to do in the line of business.

Suddenly, every application your user runs inherits their privileged credentials, including the browser session on that compromised website or the malicious attachment they just opened: both automatically get the elevated permissions your attackers desire.

The knock-on effect of creating administrators spreads in every direction, into places that are hard to track, audit and control. And those are exactly the places where your attackers will exploit your mistake.


Mitigation: remove privileged accounts

Privileged Account Management is a key mitigation method for abuse of your elevation control mechanisms.

By removing users from your local administrator groups, an administrator password becomes a required step before any powerful command can run. Even if your attackers get terminal access as one of those users, their activity is severely limited.
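A practical starting point for this mitigation is knowing who is actually in the local Administrators group on each endpoint. The script below is an added example, not code from the original post: it compares the group's membership against an allowlist, reports anything unexpected, and only removes members when explicitly told to. It assumes Windows 10 / Server 2016 or later (for the Microsoft.PowerShell.LocalAccounts cmdlets), an elevated session, and the allowlist values shown are constructed placeholders.

```powershell
# Audit the local Administrators group against an allowlist and, optionally,
# remove any principal that is not on it. Report-only unless -Remove is given;
# -WhatIf is honoured so the removals can be previewed first.
# Assumptions: Windows 10 / Server 2016+ and an elevated PowerShell session.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Principals allowed to remain in Administrators (constructed example values;
    # replace with the break-glass account and admin group your organisation uses).
    [string[]]$Allowed = @("$env:COMPUTERNAME\Administrator", 'CONTOSO\Workstation Admins'),

    # Remove unexpected members instead of just listing them.
    [switch]$Remove
)

# Get-LocalGroupMember returns each member's Name (DOMAIN\user or COMPUTER\user),
# ObjectClass (User/Group), PrincipalSource (Local/ActiveDirectory/...) and SID.
$members = Get-LocalGroupMember -Group 'Administrators'

# Anything not on the allowlist is an elevated account we did not plan for.
$unexpected = @($members | Where-Object { $Allowed -notcontains $_.Name })

if ($unexpected.Count -eq 0) {
    Write-Host "Administrators group on $env:COMPUTERNAME matches the allowlist."
}
else {
    Write-Host "Unexpected members of Administrators on $env:COMPUTERNAME:"
    $unexpected | Select-Object Name, ObjectClass, PrincipalSource, SID | Format-Table -AutoSize

    if ($Remove) {
        foreach ($m in $unexpected) {
            # ShouldProcess makes -WhatIf / -Confirm work for each removal.
            if ($PSCmdlet.ShouldProcess($m.Name, 'Remove from local Administrators')) {
                Remove-LocalGroupMember -Group 'Administrators' -Member $m
            }
        }
    }
}
```

Run it without switches first to see the report; `-Remove -WhatIf` shows which removals would happen before you commit to them.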

Of course, this still leaves a significant challenge: you still need to give your users administrative access in the right moments.


Next: How do attackers exploit UAC?
