Steve provides research, analysis, insight and commentary on topical issues and events.
He lives in New Zealand and has been working at FastTrack Software for 10 years as a cyber security analyst and technical writer.
Are You Responsible for Losing the Mothership?
It’s Independence Day, 1996 (yes – the movie).
An ungodly alien mothership orbits the earth sending out smaller ships to wreak havoc and kill millions of people in the biggest cities worldwide, with the ultimate goal of stealing all of the earth’s natural resources.
Jeff Goldblum’s character, a lowly satellite technician, comes up with the brilliant plan of creating a virus and uploading it directly to the Alien Mothership’s mainframe, to propagate across the alien network and disable the shields protecting each of their ships.
Plot Holes (and Security Holes)
Here’s how the conversation would have gone down in the aliens’ neck of the woods (or, corner of space, I should say), prior to their demise:
Alien Commander: “Hey Alien IT guy, I need to be a local admin on the Mothership. I need to install some software and I don’t want the hassle of using Run as Emperor all the time.”
Alien IT Guy: “With respect sire, it’s not safe. We are vulnerable to any kind of virus and –”
Alien Commander: “Silence! I am your Superior, make me a local admin on my device NOW!”
*Alien IT Guy then falls in line and does as asked. Alien Commander gets a local admin account, and then Jeff and co come along and introduce a virus which runs rampant on the high-level account and ruins everything for the aliens*
The moral of the story? It doesn’t matter how much high-tech gear or fancy defenses you’ve got at your organization if you’re not protecting the main doorway to the Mothership.
And that main doorway is the local administrator.
Don’t Be a Local Administrator on the Mothership
At Admin By Request, we know that the aliens’ downfall was a local administrator account, which provides sci-fi heroes and cyber hackers alike the foothold from which to bust defenses and bring down the whole network (or the whole fleet when it comes to extraterrestrial war).
The Alien Commander was a local administrator on the Mothership. Just as the Mothership controlled all of the smaller ships’ defenses, an administrator account can do far more than a regular account within a computer system.
An admin account can make changes that can affect other users, such as:
- Create or modify other user accounts
- Adjust security settings
- Start and stop services
- Access all files on the computer
Access to a local admin account means access to the foothold from which to bring down the defenses of the rest of the network.
And that is why the Mothership was the target for our human heroes, and why local admin accounts are often the target for cyber hackers.
Admin By Request Keeps All Ranks In Line
If you allow any superior who pulls rank to be a local admin on their device, you’re providing more doorways for hackers to bring down your Mothership and compromise your entire network.
Instead of allowing users to remain local admins on their machines, what you need is a Privileged Access Management (PAM) solution, which strengthens security by monitoring, auditing and managing privileged users.
Admin By Request is a PAM solution that revokes administrator rights while at the same time making it easier than ever for your users to Run as Emperor (aka Run as Administrator).
Once local admin rights are revoked, no user (commander or low-ranking alien alike) will have any cause to complain because almost nothing changes from their end.
Users operate as they have always done, but now with the added security.
When they do need elevated privileges, they simply make a request to Run as Administrator or have a timed Administrator Session, which allows users to undertake activity that requires elevated privileges while staying protected.
Admin By Request intercepts the install, asks the user to provide their contact details and a reason for requiring elevation, and then the Alien IT Guy (or your own, human IT guy) can approve or deny the request from within the Admin By Request user portal.
When requests are approved, files are scanned by more than 30 anti-malware engines thanks to Admin By Request’s integration with OPSWAT’s MetaDefender Cloud, and all activity undertaken with elevated privileges is logged in the software’s user portal.
If the Aliens had Admin By Request deployed on their Mothership, Jeff’s virus would never have succeeded.
The Alien Commander wouldn’t have been granted local admin on his device – instead he would have been able to use Admin By Request’s Run as Emperor/Admin method and stayed protected during his software installs.
Don’t let your own company fall victim to a virus that propagates across your entire network, destroying all defenses and bringing the whole system down; don’t be the guy responsible for losing the Mothership.
Try Admin By Request today (and then go and watch the movie already!)