Part 5 of our comprehensive Essential Eight cybersecurity series for Australian businesses.
The Problem with Excessive Privileges
Administrative privileges are the keys to your kingdom. When users have more access than they need, a single compromised account can lead to catastrophic damage.
The ACSC consistently ranks excessive privileges as a major contributing factor in successful cyber attacks against Australian organizations.
Why Restrict Administrative Privileges?
Limiting Blast Radius
When an account is compromised (via phishing, malware, or other means), the attacker inherits that account's privileges. A standard user account limits what attackers can do. An admin account gives them everything.
Preventing Lateral Movement
Attackers use administrative credentials to move laterally across networks. Restricting admin access makes this significantly harder.
Reducing Insider Risk
Whether malicious or accidental, users with excessive privileges can cause more damage. Limiting access limits risk.
Key Principles
Principle of Least Privilege
Users should have only the minimum access necessary to perform their job functions—no more, no less.
Separation of Duties
Administrative functions should be separated so no single account can perform all critical actions.
Time-Limited Access
Privileged access should be granted only when needed and revoked when no longer required.
Maturity Levels
Maturity Level One
- Remove local admin rights from standard users
- Use dedicated admin accounts for privileged tasks
- Disable local administrator accounts where possible
- Implement basic privileged account inventory
Maturity Level Two
- Implement Privileged Access Management (PAM) solutions
- Just-in-time (JIT) access for administrative tasks
- Enhanced logging and monitoring of privileged activity
- Regular access reviews and certification
Maturity Level Three
- Full privileged access workstations (PAWs)
- Tiered administration model
- Automated access governance
- Continuous compliance monitoring
Implementation Strategies
1. Privileged Account Inventory
You can't manage what you don't know exists. Identify all accounts with elevated privileges:
- Domain Administrators
- Local Administrators
- Service accounts with admin rights
- Emergency/break-glass accounts
- Application-specific admin accounts
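As an added example (not part of the original article), the sketch below builds such an inventory from a group-membership export and goes one step further than the list above by following nested groups, since accounts that are admins only through a nested group are easy to miss. The group names, account names and naming prefixes are constructed assumptions.

```python
# Constructed sample export: group -> direct members (accounts or nested groups).
# "Administrators" stands for the local group on one workstation.
GROUP_MEMBERS = {
    "Domain Admins": ["adm-jsmith", "Tier0-Operators", "breakglass-01"],
    "Tier0-Operators": ["adm-akhan", "svc-backup"],
    "Administrators": ["Domain Admins", "Helpdesk", "app-erp-admin"],
    "Helpdesk": ["mlee", "adm-tnguyen"],
}
PRIVILEGED_GROUPS = ["Domain Admins", "Administrators"]

# Assumed naming convention, used only to sort accounts into the article's categories.
PREFIX_CATEGORY = {
    "adm-": "dedicated admin account",
    "svc-": "service account with admin rights",
    "breakglass-": "emergency/break-glass account",
    "app-": "application-specific admin account",
}

def effective_members(group, groups, seen=None):
    """Map each account reachable from `group` to the group path that grants it."""
    seen = set() if seen is None else seen
    if group in seen:          # nested groups can form loops; visit each once
        return {}
    seen.add(group)
    found = {}
    for member in groups.get(group, []):
        if member in groups:   # member is itself a group: recurse
            for acct, path in effective_members(member, groups, seen).items():
                found.setdefault(acct, [group] + path)
        else:
            found.setdefault(member, [group])
    return found

def categorize(account):
    for prefix, category in PREFIX_CATEGORY.items():
        if account.startswith(prefix):
            return category
    return "standard user with admin rights"

def inventory(groups=GROUP_MEMBERS, privileged=PRIVILEGED_GROUPS):
    """Return {account: {"category": ..., "via": [paths]}} for all privileged groups."""
    rows = {}
    for top in privileged:
        for acct, path in effective_members(top, groups).items():
            row = rows.setdefault(acct, {"category": categorize(acct), "via": []})
            row["via"].append(" > ".join(path))
    return rows

if __name__ == "__main__":
    for acct, row in sorted(inventory().items()):
        print(f"{acct:15} {row['category']:36} {'; '.join(row['via'])}")
```

In the sample data, `mlee` has no direct admin assignment and only shows up because Helpdesk is nested inside the local Administrators group.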
2. Remove Unnecessary Admin Rights
Most users don't need local admin on their workstations. Remove these rights and:
- Deploy software via centralized tools
- Use privilege elevation solutions for specific tasks
- Implement self-service tools for common admin actions
3. Dedicated Admin Accounts
- Standard account: Daily tasks, email, browsing
- Admin account: Used only for administrative functions
- Never use admin accounts for email or web browsing
4. Privileged Access Management
- Password vaulting and rotation
- Session recording and monitoring
- Just-in-time access provisioning
- Approval workflows for privilege requests
Common Challenges
"But I need admin for my job!"
Often this reflects workflow issues, not actual requirements. Investigate specific needs and provide targeted solutions.
Legacy Applications
- Application virtualization
- Shim databases to allow specific elevated actions
- Vendor engagement to fix the application
Cultural Resistance
- Clear communication of security rationale
- Fast-track processes for legitimate elevation needs
- Executive sponsorship for the initiative
Next Steps
Restricting admin privileges limits what attackers can do. But you also need to keep systems themselves secure. Our next article covers Patch Operating Systems—keeping the foundation of your IT environment protected.
Need help implementing least privilege? Cloudscape IT provides identity and access management consulting for Australian businesses. Contact us for an assessment.


