Protecting yourself in the Cyber Arena – Understanding Admin rights
Step 1 – Understanding Admin rights
More important: who has them, and why they (you) don't need them.
Let's start at the very beginning: what exactly are Admin rights (or Admin privileges / Admin access)?
Admin rights are the ultimate level of access to a given resource in a computerized environment. Whoever has Admin rights can do whatever they want with that specific resource.
A resource on a computer can be many things: a file (a document, a spreadsheet and similar), a folder, a program, application or game, a configuration change, or even the computer itself.
A resource on a network can be all of the above, plus a trillion more things. A few examples: network folders, files or shares, databases, apps, web apps, printers, cameras, camera servers… and so much more, as much as you can imagine.
Every object in the computer world has access rights: when you interact with an object, the level of rights that you have determines what you can do with that object. Admin-level rights allow you to do whatever you want with that object.
So it is obvious that if I want to do something bad, I will want to get Admin rights. That way I can delete the resource, encrypt it, spy on it or simply send it to the highest bidder (a bank account password, for example).
What can be done to prevent hackers from gaining Admin rights? There are numerous ways hackers can gain them: they can, for example, use Mimikatz (see my recent blog post about Mimikatz), and there are numerous other ways of doing it. The hacker's primary goal is to gain these admin rights.
If you want to thwart the hackers' plan to
get your Admin rights, all it takes is one simple thing… Don’t Use Admin
Rights!!!
Almost every home user uses a User that has full admin rights over his computer!
Almost every employee uses a User that has full admin rights over his computer!
The catch is this: they, you, me… we don't need to use admin rights. We need to know the admin credentials, but we don't need to use them as our primary User (even if we are sysadmins) – and employees don't really need to know them or use them… ever.
The reason is simple: every attack that steals a password or credential relies on the privileges of the currently logged-in user. If that user doesn't have the necessary privileges, the attack will fail, and the admin rights remain unobtained.
In the meantime, your own work remains unhampered. Almost everything you do on your computer does not require Admin rights, and when it does (installing new software, for instance), the computer will ask you for them, and you can use them freely since the attacker cannot steal them.
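A quick way to see who holds Admin rights on a machine and whether your own daily account is one of them. This is an added example, not part of the original post; it assumes Windows with Windows PowerShell 5.1 and its built-in LocalAccounts cmdlets, and it only sees direct members of the local Administrators group.

```powershell
# Added example (not from the original post): audit local Admin rights.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).
$adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)

# True only when this process is running with an elevated (full admin) token.
$elevated = $principal.IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

# Who has Admin rights on this computer? Direct members only: a user who is
# an admin through a nested domain group appears here as that group.
$members = @(Get-LocalGroupMember -SID $adminSid)
$members | Select-Object Name, ObjectClass, PrincipalSource |
    Format-Table -AutoSize

# Is the account I am logged in with one of them?
$memberSids     = $members | ForEach-Object { $_.SID.Value }
$isDirectMember = $memberSids -contains $identity.User.Value

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    CurrentUser     = $identity.Name
    DirectAdmin     = $isDirectMember
    ProcessElevated = $elevated
    AdminCount      = $members.Count
}

if ($isDirectMember -or $elevated) {
    Write-Warning ("{0} has Admin rights here. Do daily work from a standard " +
        "account and keep a separate admin account for elevation prompts." -f
        $identity.Name)
} else {
    Write-Output ("{0} is a standard user; admin credentials are only " +
        "needed when the computer asks for them." -f $identity.Name)
}
```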
Do not be mistaken: there are many other forms of attack, but by not using admin privileges you will render most of the attacks obsolete.
In an ever-changing cyber arena, you always need to keep up to date and always install top-of-the-line defense programs. A greatly recommended one, which can deal with the future and the unknown, is the Cyber 2.0 System.
And Always, Always!!! Backup!!!
Next upcoming blog post: Backing up in the new Cyber Arena: The Good, the Bad and the Ugly…