Responsible Administration
In this training, we'll learn how secure and responsible administration helps to protect sensitive data, safeguard critical systems, and mitigate security risks.
Defining Privileged Access
Privileged access refers to the elevated level of permissions and capabilities granted to certain users within an organization, allowing them to access, modify, or control critical systems, sensitive data, and administrative functions.
Is the following statement True or False:
Privileged users don't need to adhere to company policies or procedures
Being in a position of power, privileged users must adhere to the highest ethical standards. Their actions should always align with company policies, procedures, and legal requirements.
True
False
Risks & Challenges
Privileged accounts increase the potential attack surface of an organization, as malicious insiders and cybercriminals can use these accounts to steal sensitive information or even bypass security tools and processes that have been implemented.
What's a potential security impact of having too many privileged users?
Privileged accounts increase the potential attack surface of an organization as malicious insiders and cybercriminals can use these accounts to steal sensitive information or even bypass security tools and processes that have been implemented.
More administrators mean there are more individuals protecting the organization.
There's an increased attack surface that cybercriminals may exploit.
Administration activities will be easier to perform.
The organization will become more efficient.
Tips & Tricks
To stay safe and secure, privileged users should always use multi-factor authentication, use secure communication methods, and remain aware of phishing threats.
Use Multi-Factor Authentication
Multi-Factor Authentication (MFA) should be enabled for administrators on all services, applications, and websites they use. Ideally, access should be centralized and controlled through Single Sign-On (SSO) to reduce the need to manage separate passwords.
Use Secure Communication Protocols
Avoid using insecure communication methods like FTP or Telnet, where passwords are communicated in plaintext. Ensure any network communication is encrypted and the certificate used to facilitate the encryption is trusted. Also, avoid the use of untrusted public Wi-Fi networks, but if you must use one, connect to a VPN.
Remain Aware of Phishing Threats
Administrators are considered a prime target for cybercriminals. Whenever you receive an email, SMS, or social media message, always ask yourself if the message is expected, if the sender's address appears legitimate and known, and whether the message is asking you to perform an action that seems suspicious (e.g., click on a link).
Practicing Least Privilege
Using least privilege helps to reduce the overall attack surface an organization faces.
Restricting user access
When granting users access, they should only be granted the minimum level of access necessary to perform their specific job responsibilities, limiting their ability to make unauthorized changes or access sensitive data.
Implementing role-based access control
Access permissions need to be based on predefined roles and responsibilities, ensuring that users only have access to the resources and functions required for their specific roles.
Regularly reviewing privileges
It's important to conduct periodic audits to evaluate and update user permissions, remove unnecessary privileges, and ensure that access rights align with the principle of least privilege. This will reduce the risk of privilege creep and maintain a secure environment.
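The following is an added example, not part of the original training, of the periodic review described above: each user's granted permissions are compared with the baseline defined for their role, and anything beyond it is reported as privilege creep. The role names, permission strings, user records, the set of permissions treated as privileged, and the 90-day idle threshold are all constructed assumptions.

```python
"""Periodic access review: flag grants that exceed a user's role baseline."""
from datetime import date

# Constructed RBAC baseline: role -> minimum permissions that role needs.
ROLE_BASELINE = {
    "helpdesk": {"ticket:read", "ticket:write", "user:reset_password"},
    "dba": {"db:read", "db:write", "db:backup"},
    "auditor": {"log:read", "ticket:read"},
}

# Permissions treated as privileged for this review (an assumption).
PRIVILEGED = {"db:write", "db:backup", "user:reset_password", "iam:admin"}

# Constructed sample grants, as might be exported from an identity system.
GRANTS = [
    {"user": "alice", "role": "dba", "last_used": date(2024, 5, 28),
     "perms": {"db:read", "db:write", "db:backup"}},
    {"user": "bob", "role": "helpdesk", "last_used": date(2024, 5, 30),
     "perms": {"ticket:read", "ticket:write", "user:reset_password", "db:write"}},
    {"user": "carol", "role": "auditor", "last_used": date(2024, 1, 10),
     "perms": {"log:read", "ticket:read", "iam:admin"}},
    {"user": "dave", "role": "contractor", "last_used": date(2024, 5, 1),
     "perms": {"ticket:read"}},
]

def review_access(grants, baseline, today, max_idle_days=90):
    """Return (user, finding, permissions) tuples for the reviewer to act on."""
    findings = []
    for g in grants:
        allowed = baseline.get(g["role"])
        if allowed is None:
            # No predefined role exists, so no grant can be justified by it.
            findings.append((g["user"], "undefined_role", sorted(g["perms"])))
            continue
        excess = g["perms"] - allowed  # granted beyond the role's minimum
        if excess:
            findings.append((g["user"], "excess_permissions", sorted(excess)))
        idle_days = (today - g["last_used"]).days
        held_privileged = g["perms"] & PRIVILEGED
        if held_privileged and idle_days > max_idle_days:
            findings.append((g["user"], "stale_privileged_access", sorted(held_privileged)))
    return findings

if __name__ == "__main__":
    for user, kind, perms in review_access(GRANTS, ROLE_BASELINE, date(2024, 6, 1)):
        print(f"{user}: {kind}: {', '.join(perms)}")
```

Each finding is a candidate for removal or for a documented exception; a user whose grants match the role baseline, such as alice here, produces no output.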
Is the following statement True or False:
When granting users access, it's best to give slightly more access than what is needed.
When granting users access, they should only be granted the minimum level of access necessary to perform their specific job responsibilities, limiting their ability to make unauthorized changes or access sensitive data.
True
False
Is the following statement True or False:
Access permissions shouldn't be based on predefined roles and responsibilities.
Access permissions need to be based on predefined roles and responsibilities, ensuring that users only have access to the resources and functions required for their specific roles.
True
False
Is the following statement True or False:
It's important to conduct periodic audits to evaluate and update user permissions.
It's important to conduct periodic audits to evaluate and update user permissions, remove unnecessary privileges, and ensure that access rights align with the principle of least privilege. This will reduce the risk of privilege creep and maintain a secure environment.
True
False
Wrapping Up
Privileged users hold a position of trust, and with this trust comes responsibilities. As administrators, we must ensure we follow security best practices and organizational policies and administer them ethically.