Have you thought about your applications, third-party access and access rights?
In the blog post below, Network Engineer Kevin Lyons talks about the threat of third-party access rights over applications.
Over the years, I have come across third parties which will insist on Domain Admin rights just to install a piece of software on a server and a few workstations. I have worked with a company where the third party would not give a date for install without being granted Domain Admin rights. The reasons given were not justified – such as ‘because it prevents issues during the install’ and ‘because that is required’. As a Network Engineer, I have dealt with a third-party company who wanted to add users to the Domain Admin groups to prevent issues and because it was the access needed to execute with elevation. In this case, and usually if planned properly, the correct access to a key folder was sufficient.
What is insisted on is generally Domain Admin accounts that also run services and have non-expiring, weak passwords.
Whenever a company comes on board with Outsource Group, one of the first things we do is check who the members of the Admin groups in Active Directory are. The record so far was 75 accounts (a combination of third-party accounts and users) to run a certain piece of software; the reason given was ‘because it is needed when there is an update to the software’. On investigation, the users required ‘modify’ access to a sub-folder of the Program Files directory.
The concerning part is that users had no idea what power they wielded, as one mis-click could authorise the encryption of an entire domain. When thinking about the insider threat, intentional or not, we have to consider what permissions our application support companies request for both themselves and the users of their system, and why.
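The membership check described above can be scripted. The following is an added example, not code from the original post or from Outsource Group: it flags admin accounts that never expire their password or that carry an SPN (used here as a proxy for "runs a service"). The function name, the 365-day threshold and the sample accounts are assumptions made for illustration.

```powershell
# Added example: flag risky members of privileged AD groups.
# Get-AdminAccountFlags is a hypothetical helper name, not a built-in cmdlet.
function Get-AdminAccountFlags {
    param(
        [Parameter(ValueFromPipeline)] $Account,
        [int] $MaxPasswordAgeDays = 365   # assumed threshold, set to your policy
    )
    process {
        $flags = @()
        if ($Account.PasswordNeverExpires) { $flags += 'PasswordNeverExpires' }
        # An SPN on a user account is a proxy for "this account runs a service"
        if (@($Account.ServicePrincipalName | Where-Object { $_ }).Count -gt 0) {
            $flags += 'HasSPN'
        }
        if (-not $Account.PasswordLastSet) {
            $flags += 'PasswordNeverSet'
        } elseif (((Get-Date) - $Account.PasswordLastSet).Days -gt $MaxPasswordAgeDays) {
            $flags += "PasswordOlderThan${MaxPasswordAgeDays}d"
        }
        if ($Account.Enabled -eq $false) { $flags += 'DisabledButStillAdmin' }
        [pscustomobject]@{
            SamAccountName = $Account.SamAccountName
            Flags          = $flags -join ', '
        }
    }
}

# Constructed sample accounts so the logic can be tried without a domain
$sample = @(
    [pscustomobject]@{ SamAccountName = 'svc-vendorapp'; Enabled = $true
        PasswordNeverExpires = $true; PasswordLastSet = (Get-Date).AddYears(-4)
        ServicePrincipalName = @('HTTP/app01.example.test') }
    [pscustomobject]@{ SamAccountName = 'jbloggs'; Enabled = $true
        PasswordNeverExpires = $false; PasswordLastSet = (Get-Date).AddDays(-30)
        ServicePrincipalName = @() }
)
$sample | Get-AdminAccountFlags | Format-Table -AutoSize

# Against a live domain (needs the ActiveDirectory module from RSAT):
# Get-ADGroupMember 'Domain Admins' -Recursive |
#     Where-Object objectClass -eq 'user' |
#     Get-ADUser -Properties PasswordNeverExpires, PasswordLastSet, ServicePrincipalName |
#     Get-AdminAccountFlags
```

Password strength cannot be read from these attributes, so the script reports password age and expiry settings only.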
If there are any questions, please ask us at Outsource Group.