• Windows Server 2016 - A strategy for securing privileged access

    It has to be said that no matter how secure you can make an operating system or service, it is only as
    secure as the weakest password. For example, suppose that you have the most sensitive data on earth
    and you encrypt it by using the most sophisticated technology, but then you use a password like “Password01”; this utterly defeats the purpose of putting in place a battery of secure technologies.

    Let’s look at another scenario. Walk around your office and count how many people have written their passwords on notes and stuck them on their keyboards or monitors. Then, observe how many people have pictures of their family or pets on their desk. When those people need to think of a password, what is the likelihood that it might be something personal based on the pictures?

    Now, let’s consider a final scenario: the social engineering attack. With this particular form of attack— which is a leading cause of security breaches—the attacker calls someone, out of the blue, and pretends to be from IT, saying he needs to verify some account information. If the attacker is good at his job, the chances are high that the hapless victim will readily provide the information.

    In each of those scenarios, the attacker gains access to something and can potentially use that access to perform an escalated attack. But what if the account were a privileged one in the first place?

    Securing privileged access is not a single technology; it is a set of practices that an organization can
    implement to become more secure. Although focused primarily on privileged access, this strategy highlights the
    need for any organization to implement and test all policies related to security and conduct the
    necessary readiness to make people aware of potential areas of exposure.

    No network to which users have access will ever be 100 percent secure, but to begin down the path of
    securing privileged access to systems and networks, you must be diligent with regard to the following
    basics:

    • Updates: Deploy updates to domain controllers within seven days of release.

    • Remove users as local administrators: Monitor and remove users from local administrators if they don’t need this access. Use Active Directory to control membership centrally, if required.

    • Baseline security policies: Deploy policies that will maintain a standard configuration for the
    organization. Exceptions will exist, of course, based on applications and certain requirements, but
    these should be challenged on a repeated basis to ensure that the system is as compliant as
    possible.

    • Antimalware programs: Maintain regular updating and regular scans of the environment. Clean
    and remove threats as quickly as possible.

    • Log and analysis: Capture security information, perform regular reviews, and identify anomalies
    within the log set. Perform follow-up action on each detected item to ensure that it is an identified source and safe “risk.”

    • Software inventory and deployment: Controlling the software installed in an environment is paramount to ensure that end users don’t install malware into the environment. In the same
    vein, it is important to know what software is out there and maintain an inventory so that you
    are aware if the state of a system has changed.
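    As an added example of the “remove users as local administrators” basic above (not code from the book or from Microsoft), the following PowerShell audits the local Administrators group against an allowlist and reports anything that should not be there. It assumes PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module; the allowlist entries and the CONTOSO domain are constructed placeholders.

```powershell
# Added example: audit local Administrators membership against an allowlist.
# Assumptions: PowerShell 5.1+ with Microsoft.PowerShell.LocalAccounts;
# the names below are constructed placeholders, substitute your own.
$Allowed = @(
    'Administrator',             # built-in local admin (rename/disable per policy)
    'CONTOSO\Domain Admins',     # placeholder domain group
    'CONTOSO\Workstation-Admins' # placeholder delegated admin group
)

function Get-UnexpectedLocalAdmins {
    param(
        [string[]]$AllowList = $Allowed
    )
    # Get-LocalGroupMember returns Name as "COMPUTER\user" or "DOMAIN\group";
    # strip the local machine prefix so local accounts compare by bare name.
    $prefix = "$env:COMPUTERNAME\"
    Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
        $name = $_.Name
        if ($name.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
            $name = $name.Substring($prefix.Length)
        }
        # -notcontains is case-insensitive, matching how Windows treats account names.
        if ($AllowList -notcontains $name) {
            [pscustomobject]@{
                Computer        = $env:COMPUTERNAME
                Member          = $_.Name
                ObjectClass     = $_.ObjectClass      # User or Group
                PrincipalSource = $_.PrincipalSource  # Local, ActiveDirectory, ...
            }
        }
    }
}

# Report only; removal is a deliberate second step after the finding is reviewed.
$findings = Get-UnexpectedLocalAdmins
if ($findings) {
    $findings | Format-Table -AutoSize
    # After review, remediate with:
    # $findings | ForEach-Object { Remove-LocalGroupMember -Group 'Administrators' -Member $_.Member }
} else {
    Write-Output "No unexpected members in local Administrators on $env:COMPUTERNAME"
}
```

Run it from a scheduled task or your endpoint management tool and ship the findings to your log analysis pipeline, so that membership drift shows up as an anomaly rather than being discovered after a compromise.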

    With these basics covered, we can move into more details about the strategy that underpins securing
    privileged access. Be aware that you will not achieve this strategy overnight, and this should be built
    as a progressive implementation so that the organization’s practices can change and adapt to these
    new principles.

    As with most strategies, you need to establish short-, medium-, and long-term goals. The following
    table describes the goals and the time frames you should use as well as the areas of focus for each
    goal.

    Source of information: Microsoft, Introducing Windows Server 2016

