Restricting Administrator Privileges
Restricting administrative privileges makes it difficult for to spread malware and malicious code inside your network. In terms of access to your valuable business data, administrative accounts are the keys to the kingdom. If malicious code is activated using an administrative account, it can elevate its privileges, spread to other hosts, avoid detection, persist after reboot, obtain sensitive information and IP, and resist removal efforts; in other words, it creates the opportunity for data breaches and attacks against your systems and customers.
The consequences of a compromise are reduced if users have low privileges instead. An environment where administrative privileges are restricted is more stable, predictable and easier to administer and support. This environment is created when by having fewer users who can make significant changes to their operating environment, either intentionally or unintentionally.
Note: Privileged users should use a separate, unprivileged account, and preferably a separate physical computer, for activities that are non-administrative or risky, such as reading emails and searching the web.
In the SECMON1 blog post ‘Security Overview – Information Security Essentials’ , we spoke about what administration privileges are and why restricting them is an essential security measure.