How to Enable Local Admin Access - Without the Risk

Upload: lumension

Post on 20-Aug-2015


Today’s Speakers

Chris Merritt, Director of Solution Marketing, Lumension

Roger A. Grimes, Security Consultant, Author and Columnist


Today’s Agenda

The Local Admin Dilemma

Using Application Whitelisting to Reduce Risk

Q&A

The Local Admin Dilemma

Level Setting on Local Admin Risk

• What is a Local Administrator?

» User account that grants administrative power to a user on their local machine

» “Local Admins” can perform any action on their “local” system


• Why are Local Admins so common?

» Old OS - Older Windows OS require it for features to work

» Old Software - Legacy software requires local admin to install or run

» Old Cultures - Organizations have traditionally had user-empowered

Reasons for Removing Local Admin Access

• Local Admins can do ANYTHING on their systems

» Install unwanted and unauthorized software

» Install malware

» Remove patches

» Turn off services

» Defeat security measures

» Change configurations

To Lower the Total Cost of Ownership


Why Taking Away Local Admin Doesn’t Work


• Users and Senior Executives revolt

• Many programs won’t work without admin rights

• Prevents more legitimate uses than illegitimate

» The medicine can be worse than the disease

• Non-Admin users can still install software

• Doesn’t stop all malware

In Many Cases, Doesn’t Lower Total Cost of Ownership

Doesn’t Stop All Malware

• Many programs, including thousands of malware programs, do not need local admin access to do their dirty work

» Many programs don’t require admin to install or operate

• For example: Google Chrome browser

» Many browser add-ons don’t require admin to install

» Many ActiveX controls don’t require admin

» Malware programs take advantage of existing, approved, installed programs (e.g. Adobe Reader, Flash, Java)

• Once an approved program is exploited, the bad guy is free to expand influence - the biggest hurdle is already passed


Doesn’t Stop All Malware

• Malware can do everything it needs to do without having local admin:

» Install malicious programs

» Infect files

» Be persistent through reboots

» Record keystrokes

» Steal passwords

» Crawl the network

• Once the bad guy is past the initial defenses, it’s game over

• Removing Local Admin is a binary defense


Using Application Whitelisting to Reduce Risk

Rethinking Local Admin Access

• Traditional “all or nothing” approaches don’t work

» Impacts productivity

» Doesn’t reduce risk appreciably

• New approach needed

» Provides visibility and control without impacting productivity

» Prevents unwanted, unauthorized or malicious apps from executing


Reducing Local Admin Risk

Action / Example / How Lumension Stops

• Install Applications

» How Lumension Stops: Application Control: Easy Lockdown, Trust Engine

• Change Configurations

» Example: Regedit / Command

» How Lumension Stops: Denied Application: cmd.exe, regedit.exe

• Remove Patches & Uninstall Software

» Example: Control Panel – uninstall program

» How Lumension Stops: Denied Application: control.exe

• Defeat Security Tools

» Example: Task Manager – kill process

» How Lumension Stops: Denied Application: taskmgr.exe


Balancing Productivity and Control

Productivity

• Provide each end-user with appropriate privileges

• Access to authorized apps

• Access to necessary controls

• Eliminate unwanted or unauthorized apps

• Time wasters (e.g., WoW)

• Eliminate software or configuration conflicts

• Reduce user downtime

Control

• Prevent malware execution

– regardless of installation path or method

• Eliminate unwanted or unauthorized apps

• Security risks (e.g., P2P)

• Eliminate software or configuration conflicts

• Reduce Help Desk calls

• Reduce re-imaging costs


How Whitelisting Helps

• Stop playing whack-a-mole

• Not binary

• Far more granular in providing or denying access

• Better control coverage

• Prevent unapproved applications from being installed or executed

» Regardless of whether they require local admin or not

• Prevent malicious executables from being initiated if an attacker gains initial access
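
A minimal sketch of the default-deny decision described on this slide, added here as an example; it is not Lumension's code or policy format. The `Policy` class, user names, paths and file contents are constructed for illustration; the denied tool names are the ones listed on the "Reducing Local Admin Risk" slide.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass, field

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

def base_name(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

@dataclass
class Policy:
    approved: set            # hashes trusted for every user
    denied_names: set        # tools explicitly denied, by file name
    grants: dict = field(default_factory=dict)  # user -> hashes allowed as an exception

    def decide(self, user, is_local_admin, path, content):
        """Return (allowed, reason); is_local_admin is deliberately never consulted."""
        if base_name(path) in self.denied_names:
            return False, "denied application"
        h = digest(content)
        if h in self.approved:
            return True, "approved"
        if h in self.grants.get(user, set()):
            return True, "exception grant"
        return False, "not on whitelist"  # default deny

def blocked_report(policy, events):  # blocked attempts per (user, file name)
    blocked = Counter()
    for user, admin, path, content in events:
        if not policy.decide(user, admin, path, content)[0]:
            blocked[(user, base_name(path))] += 1
    return blocked

# Constructed sample data: byte strings stand in for file contents on disk.
OFFICE, BROWSER, VPN_FIX = b"office-suite", b"per-user-browser", b"vpn-repair-tool"
POLICY = Policy(
    approved={digest(OFFICE)},
    denied_names={"control.exe", "cmd.exe", "regedit.exe", "taskmgr.exe"},  # from the slide
    grants={"bob": {digest(VPN_FIX)}},
)
EVENTS = [  # (user, is_local_admin, path, content)
    ("alice", True, r"C:\Program Files\Office\office.exe", OFFICE),
    ("alice", True, r"C:\Users\alice\AppData\Local\Browser\browser.exe", BROWSER),
    ("bob", False, r"C:\Users\bob\AppData\Local\Browser\browser.exe", BROWSER),
    ("alice", True, r"C:\Windows\System32\regedit.exe", b"regedit"),
    ("bob", False, r"C:\Users\bob\Downloads\vpnfix.exe", VPN_FIX),
]
for e in EVENTS:
    print(e[0], base_name(e[2]), POLICY.decide(*e))
```

The unapproved per-user install is blocked for the admin and the non-admin alike, while the single exception grant lets one user run one tool without any change to that user's privileges.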


Other Benefits of Whitelisting

• Easy to find out what your end-users are trying to execute

» Configurable reports and alerts

• Easy to allow or deny an application in an emergency, without giving end-user full access

Whitelisting is the single best thing you can implement to prevent malware attacks and exploitations


Q&A

Next Steps


• Lumension® Intelligent Whitelisting™

» Overview

• www.lumension.com/Solutions/Intelligent-Whitelisting.aspx

» Free Demo

• www.lumension.com/Resources/Demo-Center/Overview-Endpoint-Protection.aspx

» Free Application Scanner

• www.lumension.com/special-offer/App-Scanner-Tool-V3.aspx

• Whitepaper and Videos

» Think Your Anti-Virus is Working? Think Again.

• www.lumension.com/special-offer/App-Whitelisting-V2.aspx

» Reducing Local Admin Access

• www.lumension.com/special-offer/us-local-admin.aspx

» Reducing Local Admin Risk

• www.youtube.com/watch?v=SPIPLxhFsC0

Global Headquarters

8660 East Hartford Drive

Suite 300

Scottsdale, AZ 85255

1.888.725.7828
