Related Posts

  • Critical Control 9: Controlled Access Based On Need to Know (February 9, 2010)

    Critical Control 9: Controlled Access Based On Need to Know In an environment in which all information is available to all authenticated users, the attacker has a number of advantages when considering which user to take advantage of: 1) The number of choices of available user targets to obtain the most ...

  • Critical Control 6: Maintenance, Monitoring, and Analysis of Audit Logs (February 6, 2010)

    Critical Control 6: Maintenance, Monitoring, and Analysis of Audit Logs The power of logs is that they can potentially tell us what happened on one or more systems at a given time. When attackers compromise systems, those systems can dutifully report and record everything they are doing, including everything the attacker did ...

  • Critical Control 2: Inventory of Software (February 2, 2010)

    Critical Control 2: Inventory of Authorized and Unauthorized Software While we are starting to see some research being done on hardware level attacks (i.e. BIOS level viruses have been proven to be a viable concept), most exploitation of systems revolve around finding vulnerabilities in the software. Any time a piece of ...

  • Critical Control 10: Continuous Vulnerability Assessment and Remediation (February 10, 2010)

    Soon after new vulnerabilities are discovered and reported by security researchers or vendors, attackers engineer exploit code and then launch that code against targets of interest.  Any significant delays in finding or fixing software with critical vulnerabilities provides ample opportunity for persistent attackers to break through, gaining control over the ...

  • Critical Control 5: Boundary Defense (February 5, 2010)

    Critical Control 5: Boundary Defense Controlling the flow of information is critical to properly protecting critical information. Systems and their respective data must be broken down into trust levels or classifications. Any connectivity between networks of different trust must be through a robust boundary defense that properly protects and controls information flow ...

Critical Control 8: Controlled Use of Administrative Privileges

The “golden ticket” for attackers is administrative or root privileges on a system. With these privileges an attacker has complete control of the machine they are operating on, and usually a foothold into everything that machine can reach. The most obvious way for an attacker to gain administrative or root access is to take control of an administrative or root account. But attackers may also trick users who hold administrative privileges into doing unsafe things on the attacker’s behalf, or misuse systems, services or processes that are already running with administrative or root privileges. Critical Control 8 focuses on ensuring that administrative privileges are used as little as possible.

Every operating system – be it on a PC, a server, a mobile phone, a router, a managed switch – requires some kind of system account that is all-powerful. In order for machines to do what we want them to do, there has to be some ability for us to control everything on that system. In Microsoft Windows operating systems, this all-powerful account is the “administrator” account.  In the Unix and Linux world, it is known as the “root” account. Apple’s Macintosh and mobile operating systems also use “root.”
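Before administrative privilege can be minimized it has to be inventoried: on a Unix-like host that means every account with UID 0 (any such account is root, whatever it is called) plus every member of the groups that sudo trusts. The following audit script is an added example and is not code from the original post or from McAfee. It parses the standard /etc/passwd and /etc/group formats; the passwd and group contents, the account names, and the assumption that the groups wheel, sudo and admin grant administrative rights are all constructed for the example and should be adjusted to the host's real sudoers configuration.

```python
"""Inventory root-equivalent accounts from passwd/group data (added example).

Assumptions, all marked here: the admin groups below are the ones sudoers
trusts on this host, and the sample passwd/group text is constructed data.
"""

ADMIN_GROUPS = {"wheel", "sudo", "admin"}            # assumption: groups that grant sudo
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

# Constructed sample data: one extra UID-0 account ("toor"), a service
# account in wheel, and a sudo member ("carol") with no passwd entry.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
svc-backup:x:1002:1002::/var/backup:/usr/sbin/nologin
"""

SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:alice,svc-backup
sudo:x:27:bob,carol
users:x:100:alice,bob
"""


def parse_passwd(text):
    """Return {user: {uid, gid, shell}} from passwd-format text; bad lines skipped."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) != 7:
            continue
        try:
            users[f[0]] = {"uid": int(f[2]), "gid": int(f[3]), "shell": f[6]}
        except ValueError:
            continue
    return users


def parse_group(text):
    """Return {group: {gid, members}} from group-format text; bad lines skipped."""
    groups = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) != 4:
            continue
        try:
            gid = int(f[2])
        except ValueError:
            continue
        groups[f[0]] = {"gid": gid, "members": {m for m in f[3].split(",") if m}}
    return groups


def audit_admin_accounts(passwd_text, group_text, admin_groups=ADMIN_GROUPS):
    """Report who holds administrative privilege and what looks wrong.

    Returns {'uid0': [...], 'group_admins': {user: set(groups)}, 'findings': [...]}.
    Primary-group membership (the GID field in passwd) is counted too, since
    those users never appear in the member list of /etc/group.
    """
    users = parse_passwd(passwd_text)
    groups = parse_group(group_text)
    gid_to_name = {g["gid"]: name for name, g in groups.items()}

    uid0 = sorted(u for u, info in users.items() if info["uid"] == 0)

    group_admins = {}
    for gname in admin_groups & groups.keys():
        for member in groups[gname]["members"]:
            group_admins.setdefault(member, set()).add(gname)
    for u, info in users.items():
        primary = gid_to_name.get(info["gid"])
        if primary in admin_groups:
            group_admins.setdefault(u, set()).add(primary)

    findings = []
    if len(uid0) > 1:
        findings.append("multiple UID-0 accounts: " + ", ".join(uid0))
    for u in uid0:
        if u != "root":
            findings.append(f"UID-0 account not named root: {u}")
    for u in sorted(group_admins):
        info = users.get(u)
        if info is None:
            findings.append(f"admin group member has no passwd entry: {u}")
        elif info["shell"] in NOLOGIN_SHELLS:
            findings.append(f"non-interactive (service) account in admin group: {u}")
    return {"uid0": uid0, "group_admins": group_admins, "findings": findings}


if __name__ == "__main__":
    report = audit_admin_accounts(SAMPLE_PASSWD, SAMPLE_GROUP)
    print("UID-0 accounts:", report["uid0"])
    print("group-based admins:", report["group_admins"])
    for f in report["findings"]:
        print("FINDING:", f)
```

On a real host feed it the contents of /etc/passwd and /etc/group (and reconcile the group set against `sudoers` and any LDAP or NIS sources), then run it on a schedule and diff the result: a new UID-0 account or a new admin-group member that nobody requested is exactly the kind of change this control is meant to catch.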

But the differences between the administrative accounts on these operating systems are far more than just the accounts’ names. The “administrator” in a Windows environment and the “root” of the Unix/Linux variety also have different spheres of influence within the network they operate in. Microsoft Windows environments, for instance, have administrator accounts for the domain (a named entity of which user accounts,

...


Source: Eric Cole @ McAfee Security Insights Blog

Copyright © 2010 The Security Blog. All rights reserved.