I attended an interesting webinar last week, on the principle of least privilege security. Russell Smith, renowned Windows security expert, discussed how adhering to the principle of least privilege can benefit the security of your environment, including reducing support incidents and improving user productivity. To attend the webinar, register for one of the following dates:
Least Privilege Security for Windows 7, Vista, and XP: Tuesday, November 2, 2010, 9:00 a.m. - 10:00 a.m. PDT
Least Privilege Security for Windows 7, Vista, and XP: Wednesday, December 1, 2010, 8:00 a.m. - 9:00 a.m. PST
In the webinar, Russell notes that running administrator-level privileges on desktop PCs increases total cost of ownership (TCO) by 36.3%. He also discusses the fact that although users tend to view security as restrictive, enforcing proper security measures actually benefits users because it helps meet their expectations for speed, reliability, and productivity.
Problems associated with elevated privileges include the following:
- Malware—The more users running with elevated privileges, the greater the risk of infection.
- Data leakage—Having more users with elevated privileges increases the chance of data loss.
- Help desk costs—Giving users the right to change system configuration can lead to problems.
- Unlicensed software—Users with admin privileges can install personal software, as well as unwittingly infect their systems by running fake antivirus software.
- System/network slowdowns—Problems that users create on their own systems affect not only those systems but also the network.
Elevated privileges allow users to circumvent the management controls that are designed to protect systems and networks. For more information about applying the principle of least privilege in your environment, attend one of Russell’s remaining webinars.
Related Windows IT Pro Articles:
“Windows Vista’s Take on Least Privilege”
“Least Privilege User Accounts on Windows XP”
“Dealing with the Least Privilege Security Principle”
“Implementing Least Privilege with AD”
“Least Privilege Service Accounts for SharePoint 2010”
“Solutions for the Least-Privilege Dilemma”