Protecting yourself in the Cyber Arena – Understanding Admin rights
Step 1 – Understanding Admin rights
More important: who has them, and why they (you) don’t need them.
Let's start at the very beginning: what exactly are Admin rights (or Admin privileges/access)?
Admin rights are the ultimate access to a given resource in a computerized environment.
It means that whoever has Admin rights can do whatever they want with that specific resource.
A resource on a computer can be a lot of things. For example, it can be a file (a doc, a spreadsheet and similar), a folder, a program, application or game, a configuration change, and it can even be the computer itself.
A resource on a network can be all of the above, plus a trillion more things. A few examples: network folders, files or shares, databases, apps, web apps, printers, cameras, camera servers… and so much more, as much as you can imagine.
Everything in the computer world, every object, has an access right: when you interact with an object, the level of rights that you have determines what you can do with that object. Admin level rights allow you to do whatever you want to do with that object.
So, it is obvious that if I want to do something bad, I will want to get Admin rights. That way I can delete it, encrypt it, spy on it or simply send it to the highest bidder (a bank account password, for example).
What can be done in order to prevent hackers from gaining Admin rights? There are numerous ways that hackers can gain them. They can, for example, use Mimikatz (see my recent blog post about Mimikatz), and there are numerous other ways of doing it. The hacker's primary goal is to gain these admin rights.
If you want to thwart the hackers' plan to get your Admin rights, all it takes is one simple thing… Don’t Use Admin Rights!!!
Almost every home user uses a user account that has full admin rights over his computer!
Almost every employee uses a user account that has full admin rights over his computer!
The catch is this: they, you, me… we don’t need to use admin rights. We need to know the admin credentials, but we don’t need to use them as our primary user (even if you are a sysadmin), and employees don’t really need to know them or use them… ever...
The reason is simple: every attack that steals a password or credential relies on the privileges of the currently logged-on user. If that user doesn’t have the necessary privileges, the attack will fail, and the admin rights remain unobtained.
In the meantime, your own work remains unhampered. Almost everything you do on your computer does not require Admin rights, and when it does (installing new software, for instance), the computer will ask you for them, and you can use them freely since the attacker can't steal them.
Do not be mistaken, there are many other forms of attack, but by not using the admin privileges, you will render most of the attacks obsolete.
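To check whether the account you work in every day is one of those admin accounts, here is an added example (not part of the original post) for Windows PowerShell 5.1 or later. The function name Get-AdminExposure is made up for this illustration.

```powershell
# Added example: is the account used for daily work a local administrator?
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).
# Get-AdminExposure is a hypothetical helper name, not a built-in cmdlet.

function Get-AdminExposure {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # True only when this session runs with the full (elevated) admin token.
    # With UAC on, an admin account in a normal session reports False here.
    $elevated = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # S-1-5-32-544 is the well-known SID of the built-in Administrators group;
    # using the SID avoids problems with localized group names.
    $members = @(Get-LocalGroupMember -SID 'S-1-5-32-544')

    # Direct membership only: an account that is admin through a nested
    # domain group is not detected by this comparison.
    $direct = @($members | Where-Object {
        $_.SID.Value -eq $identity.User.Value
    }).Count -gt 0

    [pscustomobject]@{
        User            = $identity.Name
        SessionElevated = $elevated
        DirectAdmin     = $direct
        AdminMembers    = @($members | ForEach-Object { $_.Name })
    }
}

$report = Get-AdminExposure
$report | Format-List

if ($report.DirectAdmin) {
    Write-Warning ("{0} is a local administrator. Use a standard account " +
        "for daily work and keep a separate admin account for the " +
        "elevation prompt.") -f $report.User
} else {
    Write-Output ("{0} is a standard user; admin credentials are only " +
        "typed in when Windows asks for them.") -f $report.User
}
```

Every name listed under AdminMembers is an account whose stolen credentials give full control of the machine, so that list should be as short as possible.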
In an ever-changing cyber arena, you always need to keep up to date and always install top-of-the-line defense programs. One that can deal with the future and the unknown is greatly recommended, like the Cyber 2.0 System.
And Always, Always!!! Backup!!!
Next upcoming blog post: Backing up in the new Cyber Arena: The Good, the Bad and the Ugly…