How to Enable Local Admin Access Without the Risk
Today’s Speakers
Chris Merritt, Director of Solution Marketing, Lumension
Roger A. Grimes, Security Consultant, Author and Columnist
Level Setting on Local Admin Risk
•What is a Local Administrator?
» User account that grants administrative power to a user on their local machine
» “Local Admins” can perform any action on their “local” system
•Why are Local Admins so common?
» Old OS - Older Windows OS require it for features to work
» Old Software - Legacy software requires local admin to install or run
» Old Cultures - Organizations have traditionally had user-empowered
Reasons for Removing Local Admin Access
•Local Admins can do ANYTHING on their systems
» Install unwanted and unauthorized software
» Install malware
» Remove patches
» Turn off services
» Defeat security measures
» Change configurations
To Lower the Total Cost of Ownership
Why Taking Away Local Admin Doesn’t Work
•Users and Senior Executives revolt
•Many programs won’t work without admin rights
•Prevents more legitimate uses than illegitimate
» The medicine can be worse than the disease
•Non-Admin users can still install software
•Doesn’t stop all malware
In Many Cases, Doesn’t Lower Total Cost of Ownership
Doesn’t Stop All Malware
•Many programs, including thousands of malware programs, do not need local admin access to do their dirty work
» Many programs don’t require admin to install or operate
• For Example: Google Chrome browser
» Many Browser add-ons don’t require admin to install
» Many ActiveX controls don’t require admin
» Malware programs take advantage of existing, approved, installed programs (e.g. Adobe Reader, Flash, Java)
•Once an approved program is exploited, the bad guy is free to expand influence - the biggest hurdle is already passed
Doesn’t Stop All Malware
•Malware can do everything it needs to do without having local admin:
» Install malicious programs
» Infect files
» Be persistent through reboots
» Record keystrokes
» Steal passwords
» Crawl the network
•Once the bad guy is past the initial defenses, it’s game over
•Removing Local Admin is a binary defense
Rethinking Local Admin Access
• Traditional “all or nothing” approaches don’t work
» Impacts productivity
» Doesn’t reduce risk appreciably
• New approach needed
» Provides visibility and control without impacting productivity
» Prevents unwanted, unauthorized or malicious apps from executing
Reducing Local Admin Risk
Action / Example / How Lumension Stops
• Install Applications
» How Lumension Stops: Application Control: Easy Lockdown, Trust Engine
• Change Configurations
» Example: Regedit / Command
» How Lumension Stops: Denied Application: cmd.exe, regedit.exe
• Remove Patches & Uninstall Software
» Example: Control Panel – uninstall program
» How Lumension Stops: Denied Application: control.exe
• Defeat Security Tools
» Example: Task Manager – kill process
» How Lumension Stops: Denied Application: taskmgr.exe
Balancing Productivity and Control
Productivity
• Provide each end-user with appropriate privileges
» Access to authorized apps
» Access to necessary controls
• Eliminate unwanted or unauthorized apps
» Time wasters (e.g., WoW)
• Eliminate software or configuration conflicts
» Reduce user downtime
Control
• Prevent malware execution
» Regardless of installation path or method
• Eliminate unwanted or unauthorized apps
» Security risks (e.g., P2P)
• Eliminate software or configuration conflicts
» Reduce Help Desk calls
» Reduce re-imaging costs
How Whitelisting Helps
• Stop playing whack-a-mole
• Not binary
• Far more granular in providing or denying access
• Better control coverage
• Prevent unapproved applications from being installed or executed
» Regardless of whether they require local admin or not
• Prevent malicious executables from being initiated if an attacker gains initial access
Other Benefits of Whitelisting
• Easy to find out what your end-users are trying to execute
» Configurable reports and alerts
• Easy to allow or deny an application in an emergency, without giving end-user full access
Whitelisting is the single best thing you can implement to prevent malware attacks and exploitations
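An added example (not from the slides and not Lumension's product code) contrasting the all-or-nothing admin check with a whitelist decision, using the denied applications named on the "Reducing Local Admin Risk" slide. The launch events, approved hashes and function names are constructed for illustration; the rule that a denied name overrides an approved hash is an assumption.

```python
import hashlib
import ntpath
from collections import Counter

# Denied application names taken from the "Reducing Local Admin Risk" slide.
DENIED_NAMES = {"control.exe", "cmd.exe", "regedit.exe", "taskmgr.exe"}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed approved list; a real agent would hash the file on disk.
APPROVED = {sha256(b"approved-pdf-reader"), sha256(b"os-taskmgr")}

def admin_only_decide(event: dict) -> str:
    """All-or-nothing model: the only gate is whether elevation is needed and available."""
    return "allow" if event["is_admin"] or not event["needs_admin"] else "deny"

def whitelist_decide(event: dict) -> str:
    """Whitelist model: admin status is never consulted, only what is being launched."""
    name = ntpath.basename(event["path"]).lower()
    if name in DENIED_NAMES:            # assumption: denied names override approved hashes
        return "deny:denied-application"
    if sha256(event["content"]) not in APPROVED:
        return "deny:not-on-whitelist"
    return "allow"

def blocked_report(events) -> dict:
    """Count blocked launches per (user, program): what end-users are trying to execute."""
    blocked = Counter()
    for e in events:
        if whitelist_decide(e) != "allow":
            blocked[(e["user"], ntpath.basename(e["path"]).lower())] += 1
    return dict(blocked)

# Constructed launch events (not real telemetry).
EVENTS = [
    {"user": "alice", "is_admin": False, "needs_admin": False,
     "path": r"C:\Program Files\Reader\reader.exe", "content": b"approved-pdf-reader"},
    {"user": "alice", "is_admin": False, "needs_admin": False,
     "path": r"C:\Users\alice\AppData\Local\Temp\update.exe", "content": b"unknown-binary"},
    {"user": "bob", "is_admin": True, "needs_admin": True,
     "path": r"C:\Windows\System32\taskmgr.exe", "content": b"os-taskmgr"},
    {"user": "bob", "is_admin": True, "needs_admin": True,
     "path": r"C:\Users\bob\Downloads\p2p-setup.exe", "content": b"p2p-installer"},
]

if __name__ == "__main__":
    for e in EVENTS:
        print(e["user"], ntpath.basename(e["path"]), admin_only_decide(e), whitelist_decide(e))
    print(blocked_report(EVENTS))
```

The second event is the case the slides stress: a non-admin launching a per-user executable passes the admin-only check but is stopped by the whitelist.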
Next Steps
• Lumension® Intelligent Whitelisting™
» Overview: www.lumension.com/Solutions/Intelligent-Whitelisting.aspx
» Free Demo: www.lumension.com/Resources/Demo-Center/Overview-Endpoint-Protection.aspx
» Free Application Scanner: www.lumension.com/special-offer/App-Scanner-Tool-V3.aspx
• Whitepaper and Videos
» Think Your Anti-Virus is Working? Think Again.: www.lumension.com/special-offer/App-Whitelisting-V2.aspx
» Reducing Local Admin Access: www.lumension.com/special-offer/us-local-admin.aspx
» Reducing Local Admin Risk: www.youtube.com/watch?v=SPIPLxhFsC0
Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255
1.888.725.7828