In the age of constant attacks on your networks here are some good tips on how you can reduce the risk of having a security breach.
Employees with administrative access should be using separate devices dedicated only for administrative operations. These devices like all the other devices within your domains should always be kept up to date with all the recent software and operating system updates.
All default administration accounts should be given zero rights on the device account and the domain account. Its best practices to require that they request just-in-time (JIT) privileges that gives them access for a finite amount of time and logs it in a system.
Administrator accounts should also be created on a separate user namespace/forest that cannot access the internet, and should be different from the employee’s normal work identity. This way, any compromise of the company’s employee-force namespace/forest won’t grant the attackers easy access to an administrator account, since the employee with admin rights would not be using that account for daily tasks.
Employees with administrative accounts should avoid remotely logging into devices with administrator access to perform any administrative tasks, as attackers could be logging these events on compromised devices. The way to go is to have administrators use their separate devices for any administrative tasks as much as possible.
Contact us today toll free 1-888-392-9623 to find out more on how Adept Technologies can save you money by utilizing our services and technology.