CIS Control 4: Controlled Use of Administrative Privileges


By Bill Minahan   |   January 29, 2021   |   0 Comments


What is CIS Control 4?

The CIS Controls are a set of actions that protect your organization from the most pervasive cyber attacks. There are 20 critical controls in total, and they prioritize the most essential actions your organization can take to gain the highest pay-off results.

CIS Control 4 focuses on controlling the use of administrative privileges.

Specifically, this control focuses on reducing administrative privilege and restricting it to the users who need it to perform their job role. Most users do not require administrative privilege for their daily tasks, yet many businesses grant administrative privileges to all users regardless of role.

This is risky.

As a result, CIS Control 4 focuses on using processes and tools to track, control, prevent, and correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications.

Why is this CIS Control Critical?

The CIS Controls are based on actionable guidance derived from today’s biggest threats, formed by the consensus of the world’s leading experts across a variety of sectors.

CIS Control 4 is critical because attackers are constantly on the lookout for organizations that fail to control or restrict their administrative users.

Misuse of privilege is an increasingly popular method for attackers to land and expand inside networks.

For instance, two common attacks that rely on administrative privileges to succeed are the following.

In the first, an attacker manipulates a user running with administrative privilege into opening a malicious PDF or attachment. Similarly, a user’s machine is infected with malware after visiting a site that loads it silently in the background.

Privileged accounts make these attacks especially quick and dangerous to carry out. User machines can be controlled instantly, keyloggers installed, and other malicious activity carried out, all out of sight.

When this is executed on a device with administrative privileges, the attacker can completely take over the victim’s machine and infect other systems on the network.

The second common attack is an elevation-of-privilege attack, in which the attacker guesses or cracks the password of an administrative account in order to gain access to a target machine. If administrative privileges are handed out loosely, or identical (or similar) passwords are reused on less critical systems, the attacker can easily gain full control of your systems.

As a result, restricting access to data by job function is one of the most effective ways to reduce your risk.

How to Implement CIS Control 4

| Sub-Control | Asset Type | Security Function | Control Title | Control Description |
|---|---|---|---|---|
| 4.1 | Users | Detect | Maintain Inventory of Administrative Accounts | Use automated tools to inventory all administrative accounts, including domain and local accounts, to ensure that only authorized individuals have elevated privileges. |
| 4.2 | Users | Detect | Change Default Passwords | Before deploying any new asset, change all default passwords to have values consistent with administrative-level accounts. |
| 4.3 | Users | Protect | Ensure the Use of Dedicated Administrative Accounts | Ensure that all users with administrative account access use a dedicated or secondary account for elevated activities. This account should only be used for administrative activities and not Internet browsing, email, or similar activities. |
| 4.4 | Users | Protect | Use Unique Passwords | Where multi-factor authentication is not supported (such as local administrator, root, or service accounts), accounts will use passwords that are unique to that system. |
| 4.5 | Users | Protect | Use Multi-Factor Authentication for All Administrative Access | Use multi-factor authentication as well as encrypted channels for all administrative account access. |
| 4.6 | Users | Protect | Use Dedicated Workstations for All Administrative Tasks | Ensure administrators use a dedicated machine for all administrative tasks as well as tasks requiring administrative access. This machine will be segmented from the organization’s primary network and therefore not be allowed Internet access. Likewise, this machine will not be used for reading email, composing documents, or browsing the Internet. |
| 4.7 | Users | Protect | Limit Access to Scripting Tools | Limit access to scripting tools (such as Microsoft® PowerShell and Python) to only administrative or development users with the need to access those capabilities. |
| 4.8 | Users | Detect | Log and Alert on Changes to Administrative Group Membership | Configure systems to issue a log entry and alert when an account is added to or removed from any group assigned administrative privileges. |
| 4.9 | Users | Detect | Log and Alert on Unsuccessful Administrative Account Login | Configure systems to issue a log entry and alert on unsuccessful logins to an administrative account. |
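As an added illustration of sub-controls 4.8 and 4.9 (example code written for this page, not from the original post or from CIS), the script below runs the two detection rules over a handful of constructed records shaped like Windows Security log events. The event IDs are the standard Windows ones for group-membership changes and failed logons; the admin group list, the `CORP\adm-*` account inventory and the sample records are assumptions.

```python
from collections import Counter

# Constructed sample records shaped like Windows Security log events (not real data).
# Event IDs: 4728/4732/4756 = member added to a global/local/universal security group,
# 4729/4733/4757 = member removed, 4625 = failed logon, 4624 = successful logon.
SAMPLE_EVENTS = [
    {"EventID": 4732, "TargetGroup": "Administrators", "MemberName": "CORP\\jdoe", "Subject": "CORP\\helpdesk1"},
    {"EventID": 4728, "TargetGroup": "Domain Admins", "MemberName": "CORP\\svc_backup", "Subject": "CORP\\adm-itops"},
    {"EventID": 4732, "TargetGroup": "Remote Desktop Users", "MemberName": "CORP\\asmith", "Subject": "CORP\\helpdesk1"},
    {"EventID": 4733, "TargetGroup": "Administrators", "MemberName": "CORP\\jdoe", "Subject": "CORP\\adm-itops"},
    {"EventID": 4625, "TargetUser": "CORP\\adm-itops", "IpAddress": "10.0.5.23"},
    {"EventID": 4625, "TargetUser": "CORP\\adm-itops", "IpAddress": "10.0.5.23"},
    {"EventID": 4625, "TargetUser": "CORP\\asmith", "IpAddress": "10.0.7.9"},
    {"EventID": 4624, "TargetUser": "CORP\\adm-itops", "IpAddress": "10.0.5.23"},
]

# Assumed set of groups that confer administrative privilege; tailor to your directory.
ADMIN_GROUPS = {"Administrators", "Domain Admins", "Enterprise Admins", "Schema Admins"}
# Assumed inventory of dedicated administrative accounts (sub-controls 4.1 and 4.3).
ADMIN_ACCOUNTS = {"CORP\\adm-itops", "CORP\\adm-helpdesk1"}

MEMBERSHIP_EVENTS = {4728: "added", 4732: "added", 4756: "added",
                     4729: "removed", 4733: "removed", 4757: "removed"}
FAILED_LOGON = 4625


def admin_group_changes(events):
    """Sub-control 4.8: one alert per add/remove that touches an administrative group.
    Removals are reported too, since an attacker may remove a legitimate admin."""
    alerts = []
    for e in events:
        action = MEMBERSHIP_EVENTS.get(e.get("EventID"))
        if action and e.get("TargetGroup") in ADMIN_GROUPS:
            alerts.append((action, e["TargetGroup"], e["MemberName"], e["Subject"]))
    return alerts


def failed_admin_logons(events, threshold=1):
    """Sub-control 4.9: count failed logons per administrative account and return
    those at or above the threshold (1 = alert on every failure, as the control says)."""
    counts = Counter(e["TargetUser"] for e in events
                     if e.get("EventID") == FAILED_LOGON and e.get("TargetUser") in ADMIN_ACCOUNTS)
    return {acct: n for acct, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for alert in admin_group_changes(SAMPLE_EVENTS):
        print("4.8 admin group change:", alert)
    for acct, n in failed_admin_logons(SAMPLE_EVENTS).items():
        print(f"4.9 failed admin logons: {acct} x{n}")
```

Failed logons to `CORP\asmith` are ignored because that account is not in the administrative inventory, which is why sub-control 4.1 (an accurate inventory) has to come before 4.9 can alert reliably.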


Implementing CIS Controls

If your team is struggling to implement CIS Control 4 and could use the assistance of a third-party security provider, aNetworks is here to help. Our team of experts can assist with whatever level of service you require from consulting to complete implementation.

If you are interested in learning more about CIS Controls, then view our comprehensive list here.

If you are interested, then please contact us below.


If you are looking for more resources, then please check out our resource center.

Finally, you can always find us on Twitter, LinkedIn, and Facebook.
