Privileged Accounts Are Poorly Managed

Privileged accounts, typically administrator accounts, are the all-powerful user accounts that can do anything on a computer, server, network, or domain.  These are the top targets for cyber-criminals and other malicious hackers, and they are generally poorly managed.  Here are some common mistakes we see when conducting security reviews for clients.

  • Domain, Network, and Server Administrators – These accounts are often used as the day-to-day work account of a highly placed IT staff member.  Administrator accounts should never be used for routine work such as email and web browsing, but only when needed to manage a server, network, or Windows domain.  If the account that is logged in all day is also a domain or server administrator, a single phishing email or drive-by download hands the attacker the entire network for further exploitation.  Give administrators a separate, unprivileged account for everyday work and reserve the admin account for admin tasks.
  • Administrators to the local machine – When you set up a computer for the first time, the operating system requires you to create an administrator account.  This is the administrator for this computer, also known as the local machine.  We see lots of instances where the computer's everyday user is also the local machine administrator.  This means that when their system is compromised by an attack, the attacker has unlimited rights to download and install anything they need to extend their attack.  Users should be working under their own standard user account, with only the privileges needed for their job.  If installing software is not part of their job, make sure it is not something they can do under their user profile.
  • Default administrator accounts not changed – All computer hardware, and especially networking gear, comes with default administrator accounts built in.  Often the credentials are nothing more than "admin" and "password."  Default administrator credentials can be looked up on the Internet, either on the manufacturer's support pages or in one of the many online lists of default administrator accounts.  Just Google "default admin accounts lists" to see a good selection.  These defaults need to be changed as part of the setup process, before the device goes into service on the network.
  • Administrator account records poorly documented or missing – Often we find that information about administrator accounts is missing, out of date, sometimes duplicated (but not identically), and often stored in a notebook (bad) or on a spreadsheet (worse).  If the administrator credentials for a server, computer, or other device are not available, it can be impossible to service or repair the device without resetting everything back to day one.  It is for reasons like this that machines go unpatched for years: no one has the administrator account necessary to update the software.
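As an added example (not part of the original post, and not a WyzCo tool), the following PowerShell script audits a single Windows machine for three of the mistakes above: everyday users sitting in the local Administrators group, the built-in Administrator account left with its default name or enabled, and enabled local accounts that do not require a password. Run it in a normal PowerShell window as the everyday user you want to check; it uses only the Microsoft.PowerShell.LocalAccounts cmdlets shipped with Windows PowerShell 5.1 and later. Membership inherited through nested domain groups (such as Domain Admins) is not expanded, and the CSV file name is an assumption chosen for the example.

```powershell
<#
  Added example (not from the original post): local privileged-account audit.
  Reports who is in the local Administrators group, whether the account running
  the audit is one of them, the state of the built-in Administrator (RID 500),
  and any enabled local account with no password required. Nested domain group
  membership is NOT expanded, so a user who is an admin only via a domain group
  will not be flagged as the current user.
#>

function Get-PrivilegedAccountFindings {
    $findings = @()

    # Identity of the account running this audit (normally the logged-on user).
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent()

    # 1. Every direct member of the local Administrators group. The one whose SID
    #    matches the current user is the "user is also local admin" mistake.
    foreach ($member in (Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop)) {
        $isMe     = ($member.SID.Value -eq $me.User.Value)
        $severity = if ($isMe) { 'High' } else { 'Info' }
        $detail   = '{0} ({1} from {2})' -f $member.Name, $member.ObjectClass, $member.PrincipalSource
        if ($isMe) { $detail += ' <- account running this audit' }
        $findings += [pscustomobject]@{ Severity = $severity; Check = 'LocalAdministratorsMember'; Detail = $detail }
    }

    # 2. The built-in Administrator account always has relative ID 500, whatever it
    #    has been renamed to, so look it up by SID rather than by name.
    $builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    if ($builtin) {
        if ($builtin.Name -eq 'Administrator') {
            $findings += [pscustomobject]@{ Severity = 'Medium'; Check = 'BuiltInAdminDefaultName'
                                            Detail = 'Built-in Administrator (RID 500) still uses its default name' }
        }
        if ($builtin.Enabled) {
            $findings += [pscustomobject]@{ Severity = 'Medium'; Check = 'BuiltInAdminEnabled'
                                            Detail = ('Enabled; password last set: {0}' -f $builtin.PasswordLastSet) }
        }
    }

    # 3. Enabled local accounts that do not require a password at all.
    foreach ($user in (Get-LocalUser | Where-Object { $_.Enabled -and -not $_.PasswordRequired })) {
        $findings += [pscustomobject]@{ Severity = 'High'; Check = 'NoPasswordRequired'; Detail = $user.Name }
    }

    return $findings
}

# Show the findings and keep a copy: the CSV is a starting point for the
# per-machine admin-account inventory that is so often missing.
$results = Get-PrivilegedAccountFindings
$results | Format-Table -AutoSize
$results | Export-Csv -NoTypeInformation -Path "$env:COMPUTERNAME-privileged-accounts.csv"  # file name is an assumption
```

A High finding on LocalAdministratorsMember means the account you logged in with can install anything an attacker wants; move that user to a standard account and keep a separate admin account for the rare times it is needed. Run the script on every workstation and server and you have the beginnings of the documented inventory described above.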

Documenting and managing your administrator accounts is a project that would be a great kick-off to your cybersecurity new year.

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and at many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
