How Do You Protect Yourself Against Rogue Admins?
Given the recent problems the city of San Francisco has had with a criminal network admin, what have you done to protect yourself from getting into a similar situation? I found an interesting article at TechRepublic that can help you with this problem at http://blogs.techrepublic.com.com/security/?p=569&tag=nl.e036
The key take-home messages from this article include:
- Use the principle of least privilege. Restrict network admins to only those resources they actually manage and no more.
- Not everyone on the IT team needs to have access to the domain admin passwords.
- Daily checks of additions to admin-level groups should be performed and compared with previous days' lists.
- Every admin activity on the network should be logged.
- When a member of the IT team leaves the company, the employee should be escorted to his desk to collect his belongings, badges and keys. However, before that, an account admin should remove his accounts, disabling them first and subsequently removing them.
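
One way to implement the daily admin-group check from the list above, as an added example that is not from the original post or the TechRepublic article. It assumes a scheduled job exports each day's memberships as `group,member` rows; that format, the function names and the sample accounts are all constructed for illustration.

```python
import csv
import io

# Constructed sample snapshots (not real data): one "group,member" row per
# membership, as a daily export job might write them. The format is an assumption.
YESTERDAY = """\
Domain Admins,alice
Domain Admins,bob
Enterprise Admins,alice
"""
TODAY = """\
Domain Admins,alice
Domain Admins,BOB
Domain Admins,svc-backup
Enterprise Admins,alice
Schema Admins,carol
"""

def load_snapshot(text):
    """Parse 'group,member' rows into {group: set(members)}, case-folded."""
    groups = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 2:
            continue  # skip blank or malformed rows
        group, member = (field.strip().casefold() for field in row)
        groups.setdefault(group, set()).add(member)
    return groups

def diff_snapshots(previous, current):
    """Return sorted (group, member) lists of additions and removals."""
    added, removed = [], []
    for group in previous.keys() | current.keys():
        before = previous.get(group, set())
        after = current.get(group, set())
        added += [(group, m) for m in after - before]
        removed += [(group, m) for m in before - after]
    return sorted(added), sorted(removed)

def daily_check(previous_text, current_text):
    """Compare two exports; with no previous export, record a baseline only."""
    current = load_snapshot(current_text)
    if not previous_text.strip():
        return {"baseline": True, "added": [], "removed": []}
    added, removed = diff_snapshots(load_snapshot(previous_text), current)
    return {"baseline": False, "added": added, "removed": removed}

if __name__ == "__main__":
    for group, member in daily_check(YESTERDAY, TODAY)["added"]:
        print(f"ALERT: {member} added to {group}")
```

Names are case-folded before comparison so that a change in capitalization between exports does not raise a false alert, and a group that appears for the first time is reported with all of its members as additions.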
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
MVP - Forefront Edge Security (ISA/TMG/IAG)