Welcome to How To Secure Your SMB Network! This is part 8 of a 9 part series that discusses our approach to Network Security and how we secure client networks. As you will see there are many facets that go into creating a secure network. Think of it as puzzle with each piece playing an important role. The days of installing Norton Anti-Virus on your computer and thinking you are safe are over.
What Are Local Administrative Rights
Local Administrative Rights give you full access to a computer. This allows you to install programs, remove programs, modify and delete any files on the computer (regardless of which user created them), and change any settings/configurations that you wish.
Why Do You Need Administrative Rights
In most situations you don’t. During my normal day to day work on my computer, my user account does not have Administrative Rights. In the past many programs would not run without Administrative rights. Today most programs will run without local administrative rights and for the ones that do require it there is normally a work-a-round. Manual software installations and upgrades/patches will always require local administrative rights. However, in business environments, patching and upgrades are deployed automatically using Windows Server software or Remote Monitoring and Management software. This eliminates the need for granting Local Administrative Rights to the end users.
Why Should We Restrict Administrative Rights
There are two schools of thinking regarding Administrative Rights. Some businesses have strict IT policies and prohibit employees from installing software themselves, changing settings, etc. In these cases restricting administrative rights forces employees to comply with the IT policy.
Other businesses are much more lenient and allow their employees more freedom to personalize their computers.
The number one reason why you should be restricting administrative rights is to combat malware, ransomware, and viruses. If a user opens an infected email attachment or clicks on a link they shouldn’t, the malicious program can only execute using the permissions/rights of the end user. As a result, if the end user has Administrative Rights, the malicious code/program can likely do whatever it was intended to do on that computer. Therefore, if the user account doesn’t have permissions to install files or edit certain files, then the malicious code won’t be able to execute as it was intended. In a properly secured SMB network, the end user is always the weakest link. Restricting local administrative rights greatly reduces this risk.
Principle of Least Privilege
The Principle of Least Privilege states that a user should only be given the permissions essential to performing their job. For Example, users in the Accounting department would not have access to files used by the Engineering department. When properly implemented, this principle reduces the ability for malicious code to do damage. As a result, if someone in the Accounting department is infected with malware, the Engineering department is unaffected because Accounting users do not have any access to Engineering files. The Principle of Least privilege dramatically reduces the attack surface for malicious code thus minimizing any resulting damage.
How To Secure Your SMB Network – E-Book
This is the eighth part of a nine part series that details How To Secure Your SMB Network. Every Wednesday we will post a new section that gives details and examples on how Banks Technology Services secures out client’s networks. We have compiled all of this information into into an EBook which you can download for free. The E-Book contains additional information, real world examples, and is updated as new technology emerges. To receive your FREE copy, head on over to the How To Secure Your SMB Network page.