Thursday, July 01, 2010

Protecting Active Directory administrative accounts

Another good article in InfoWorld – “How many enterprise admins is too many?” – that is well worth the read. I’ve been doing a lot of reading and talking to customers over the last 6 months or so on the topic of privileged account management, and there’s a lot to be worried about in this area. In this article the author gives some good advice on protecting your Windows admin accounts:
  • Enterprise admins should not be logged on for surfing the Web, picking up email, or any other task that doesn't require enterprise admin abilities
  • All admin user accounts should have long passwords, 15 characters or more – or, even better, they should be protected by smartcards
  • Use dedicated admin workstations for domain or enterprise admins
  • Use third-party software that helps companies manage elevated accounts
With phishing attacks constantly on the rise, it’s a good idea to review what you’re doing with your privileged accounts. The attackers on the outside are getting to be more of a risk than internal attacks. You need to be well locked down for both.
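One way to start that review is a read-only inventory of who actually holds forest- and domain-level admin rights, checked against the advice above. This is an added example, not from the InfoWorld article or this post; it assumes the ActiveDirectory PowerShell module (RSAT), a single-domain forest, and the default built-in group names.

```powershell
# Added example: read-only review of Enterprise Admins / Domain Admins membership.
# Assumptions: ActiveDirectory module installed, single-domain forest,
# default group names. Nothing here modifies the directory.
Import-Module ActiveDirectory

$groups = 'Enterprise Admins', 'Domain Admins'

$report = foreach ($group in $groups) {
    # -Recursive expands nested groups so indirect members are counted too.
    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $u = Get-ADUser -Identity $_.distinguishedName -Properties `
                SmartcardLogonRequired, PasswordLastSet, PasswordNeverExpires,
                EmailAddress, LastLogonDate

            [pscustomobject]@{
                Group                = $group
                SamAccountName       = $u.SamAccountName
                Enabled              = $u.Enabled
                # Advice: protect admin accounts with smartcards.
                SmartcardRequired    = $u.SmartcardLogonRequired
                # A mail address suggests the account is also used for email,
                # i.e. it may not be a dedicated admin account.
                HasMailAddress       = [bool]$u.EmailAddress
                PasswordNeverExpires = $u.PasswordNeverExpires
                PasswordLastSet      = $u.PasswordLastSet
                LastLogonDate        = $u.LastLogonDate
            }
        }
}

# How many accounts hold each role, directly or through nesting.
$report | Group-Object Group | Select-Object Name, Count | Format-Table -AutoSize

# Accounts that deserve a closer look: no smartcard requirement,
# or a mail address on a privileged account.
$report |
    Where-Object { -not $_.SmartcardRequired -or $_.HasMailAddress } |
    Sort-Object Group, SamAccountName |
    Format-Table -AutoSize
```

Password length cannot be read back from Active Directory, so the 15-character recommendation has to be enforced through password policy rather than audited this way.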
