Lesser of Two Evils
The unfortunate reality is that when businesses decide on their approach to admin rights, the decision is more often than not based on cost. Commonly, business leaders will have to choose one of the two options below:
* Deny users admin rights, and spend extra resources supporting them
* Allow users admin rights, thus reducing support costs in the short term, and face the consequences
In a perfect world, every organization would take the first option.
But we don’t live in a perfect world, and the reality is that the second option appears at first glance to be more cost-effective. So, when a user rings asking for permission to install a missing piece of software, the quickest (and usually cheapest) option is to grant that user admin rights.
But you may as well have given the user a time bomb to hide in the network.
Most organizations have no way of auditing what a user with admin rights has done during this privileged period, and all too often the admin rights aren’t revoked promptly afterwards, leaving the desktop, and with it the entire IT infrastructure, open to abuse.
The Keys to the Kingdom
So, just what are the risks if users have admin rights? Here’s the top 10:
1) Inadvertently, or deliberately, install kernel root kits
The kernel is the lowest level of the operating system and therefore has the highest level of access to the whole computer or server. A rootkit is a piece of code that runs in the kernel. Anti-virus and anti-spyware products legitimately use kernel-mode code, but the same level of access lets malicious code wreak havoc while remaining invisible and undetectable, and therefore almost impossible to remove.
2) Install keyloggers and other spyware
Primarily these are a violation of privacy, but they are also capable of stealing login details and other credentials.
3) Install malicious ActiveX controls
Many websites rely on ActiveX controls to provide rich, interactive functions, continually prompting users to install them. With the web browser ultimately a window to the online world of web services, applications and content, it is the easiest way into the user’s system and therefore into the business. Drive-by downloads often use ActiveX controls, with the user oblivious to the files being installed.
4) Install illegal, unauthorized or unlicensed software
In addition to the risk of embedded malware, this also poses a commercial issue as it is impossible to know the origin of the software. Free “licensed” software may come at a hidden price.
5) Set code to auto run when logging on
Malware will use this, often backed up by rootkits, to make sure that it not only automatically starts but also conceals its activities.
6) Stop services (such as HIPS, Firewalls), and circumvent other IT controls
Users could inadvertently switch off security applications, such as anti-virus, the firewall or even intrusion detection software. If malware slips through and infects the system, it can stop these same services to avoid detection.
7) Create and modify local user accounts
If a user’s account has been compromised, the most common remediation is to delete that account and create a new one. Malware, however, is often designed to create a local admin account of its own, so that it survives on the desktop regardless.
8) Access other users’ data
Standard users shouldn’t have the right to read anyone else’s data, but with an admin account, they’re free to sneak a peek at anything and everything.
9) Replace critical OS files with trojans
Again, malware will hide itself in the operating system, disguising itself as a genuine application (e.g., a Microsoft component) so that it can bypass traditional scanning techniques.
10) Render the machine unusable
It is unlikely malware will do this, as rather than destroy, it’s designed to remain undetected so it can function indefinitely. An inept user, however, could manage to delete, install or change a key application—perhaps not instantly but with enough changes to cause the downfall of the machine.
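Several of the risks above (autorun entries in item 5, stopped security services in item 6, replaced system files in item 9) leave traces a desktop team can check for. The following PowerShell script is an added example, not code from the article or from Avecto: it lists the standard Run/RunOnce autostart entries together with the Authenticode status of the executable each one launches, and reports whether a small, assumed set of security services is still running. The autostart key list, the service names and the path-extraction heuristic are assumptions; run it in an elevated Windows PowerShell 5.1 or later session.

```powershell
# Added example, not from the article: a defender-side audit for the
# persistence and service-tampering risks above (items 5, 6 and 9).
# Requires Windows PowerShell 5.1 or later in an elevated session.

# Standard autostart locations (assumption: these four cover the common cases).
$AutorunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Provider metadata that Get-ItemProperty attaches to every registry key.
$ProviderProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-AutorunEntry {
    # One object per autostart value, with the Authenticode status of the
    # executable it launches, so unsigned or tampered binaries stand out.
    foreach ($key in $AutorunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($name in $values.PSObject.Properties.Name) {
            if ($name -in $ProviderProps) { continue }
            $command = [string]($values.$name)
            # Best-effort: take the quoted path if present, otherwise the first token
            # (an unquoted path containing spaces will be truncated here).
            $exe = if ($command -match '^"([^"]+)"') { $Matches[1] } else { ($command -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $status = if (Test-Path -Path $exe -PathType Leaf) {
                (Get-AuthenticodeSignature -FilePath $exe).Status
            } else {
                'FileNotFound'
            }
            [pscustomobject]@{ Key = $key; Name = $name; Command = $command; Signature = $status }
        }
    }
}

function Get-SecurityServiceState {
    # Services a user with admin rights could stop (item 6). Assumed example set:
    # Windows Defender, Windows Firewall, Security Center, Windows Event Log.
    $Services = 'WinDefend', 'MpsSvc', 'wscsvc', 'EventLog'
    foreach ($svc in $Services) {
        $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Service   = $svc
            Status    = if ($s) { $s.Status } else { 'NotInstalled' }
            StartType = if ($s) { $s.StartType } else { 'n/a' }
        }
    }
}

# Report only the findings worth a second look: autostart entries whose binary
# is not validly signed, and security services that are not running.
Get-AutorunEntry         | Where-Object { $_.Signature -ne 'Valid' }  | Format-Table -AutoSize
Get-SecurityServiceState | Where-Object { $_.Status -ne 'Running' } | Format-Table -AutoSize
```

A signature status other than Valid is not proof of malware (plenty of legitimate software ships unsigned), but it is the shortlist a desktop team should explain before assuming a machine is clean; likewise a stopped Defender or firewall service on a machine where no one has a change ticket deserves a question.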
Although each point is damaging, you might find it’s a combination of these threats that faces your organization. So, what can you do about it?
Top Tips for Securing the Desktop
In addition to the usual security precautions, such as installing anti-virus and firewalls, here are five key tips to prevent users from becoming abusers:
Tip 1: Group policy
Group Policy, a feature of Microsoft Windows, lets you control what users can and cannot do on the system. By restricting certain actions, such as blocking access to the Task Manager, restricting access to certain folders, disabling the downloading of executable files and so on, many of the risks outlined previously can be minimized.
Tip 2: Don’t give users admin rights in the first place!
It’s a fact that approximately 90% of malware relies on some form of admin right through which it can access and infect the system. Instead, a least-privilege approach will remove the risk of installing malicious software—intentionally or accidentally—as well as restricting users’ malicious or inept behaviour. This means ensuring, either manually or with software, that every process, user or program can access only the necessary information and resources.
Tip 3: Protect the perimeter
Create white lists and black lists that control which applications and devices can run in your environment. That said, even authorized storage devices can be risky, as USB memory devices containing autorun malware have infected networks. Make sure device drivers carry valid digital signatures.
Tip 4: Secure web browsers and email clients
As discussed earlier, these are the window to the online world and your first line of defense, so forbid unauthorized browser applications.
Tip 5: Education
Although an obvious one, it’s astonishing how many employees are oblivious to the risks they expose their organization to. IT policies not only need to be created, and regularly updated to encompass new risks, but they must also be communicated to users. They should cover key user activities including which websites they should/shouldn’t visit, types of devices allowed, what they can or can’t do with data, and passwords.
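Tips 1 and 2 both come down to something a desktop team can check and enforce on each machine: who is actually in the local Administrators group, and whether the Group Policy restriction is in effect. The script below is an added example, not code from the article or from Avecto. It reconciles local Administrators membership against an approved list, removes anyone not on it (with -WhatIf support so the change can be previewed first), writes an audit line for each removal, and tests the "Remove Task Manager" user policy, which sets the DisableTaskMgr registry value. The approved-admin list, the domain group name and the log file path are placeholders; it needs Windows PowerShell 5.1 or later in an elevated session.

```powershell
# Added example, not from the article: reconcile the local Administrators
# group against an approved list (Tip 2) and check one Group Policy
# restriction (Tip 1). Requires Windows PowerShell 5.1+ in an elevated session.

# Assumption: only the built-in account and one domain group are approved admins.
$ApprovedAdmins = @(
    "$env:COMPUTERNAME\Administrator",
    'CONTOSO\Desktop Admins'        # placeholder domain group
)
$AuditLog = "$env:ProgramData\admin-rights-audit.log"   # assumed log path

function Get-UnapprovedLocalAdmin {
    # Members of the local Administrators group that are not on the approved list.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $_.Name -notin $ApprovedAdmins }
}

function Remove-UnapprovedLocalAdmin {
    # Removes each unapproved member. Supports -WhatIf / -Confirm and records
    # every removal, which is the audit trail the article says is usually missing.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($member in Get-UnapprovedLocalAdmin) {
        if ($PSCmdlet.ShouldProcess($member.Name, 'Remove from local Administrators')) {
            Remove-LocalGroupMember -Group 'Administrators' -Member $member.Name
            "$(Get-Date -Format o) removed $($member.Name) from Administrators on $env:COMPUTERNAME" |
                Add-Content -Path $AuditLog
        }
    }
}

function Test-TaskManagerRestriction {
    # The "Remove Task Manager" user policy writes DisableTaskMgr = 1 under this key.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $value = (Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
    return ($value -eq 1)
}

# Review first, then enforce by dropping -WhatIf.
Get-UnapprovedLocalAdmin | Format-Table Name, ObjectClass, PrincipalSource -AutoSize
Remove-UnapprovedLocalAdmin -WhatIf
"Task Manager blocked by policy: $(Test-TaskManagerRestriction)"
```

Running the review step on a schedule is usually more valuable than the removal itself: a user who reappears in Administrators a week after being removed is exactly the case of admin rights being granted for a one-off install and never revoked.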
Ten years ago, organizations didn’t have a choice regarding admin rights. Today they do. If yours decides to allow them, prepare for the consequences.
About the Author
Paul Kenyon is co-founder and Chief Operations Officer at Avecto.