A Policy Change: Admin Rights

This year we’ve made a number of policy changes to how Lineal protects your technology, data and users – part of a programme of adjustments designed to help our clients keep their organisations secure.

One of these is a change to how we manage security permissions. In future, we’ll be stricter about how and when we allow administrator (‘admin’) privileges to be used.

 

What does this mean?

Put simply, we expect no end-user to use an administrator account for their routine work.

Where a user needs administration privileges as part of their official role, we expect a separate admin account to be created for this function, with some extra protections put in place.

All admin accounts should be named to indicate the owner, assigned to only one individual, authorised by management, and protected by Multi-Factor Authentication, where available.

 

Why are Lineal taking this step?

Admin accounts carry enhanced powers – often to install applications, access raw data or bypass safeguards – each of which represents a more significant cyber security threat where an admin account is misused or compromised.

In the event of a cyber security breach, it’s not uncommon for attackers to leverage admin accounts to attack other systems or users laterally, using heightened account privileges.

Reducing the number of administrator accounts, their use, and the risk of an account breach, all help to maintain strong cyber security within your organisation.

We’re also acting in line with the current requirements of the UK NCSC’s Cyber Essentials Scheme, as well as ISO 27001, CIS benchmarks and NIST 800-60.

 

Does my organisation need to budget for this?

No – this change will be a guiding principle for the assignment of existing/new admin privileges.

 

My organisation is subject to a compliance standard / framework, what do I do?

If you’re already subject to any specific controls over the distribution of administrator privileges, please contact us to discuss further, and we’ll do our best to explain how these changes support or enhance your existing controls.

 

What if I don’t want to do this, because of _________?

Where a client still allows a user to have local or domain administrative rights for standard duties, we’ll now require you to declare this to us in writing – as part of a disclaimer accepting liability for any adverse consequences of this decision.

We’ll also make clear that any remedial works required by us following an incident caused by this decision will be chargeable.

 

Who can I speak to about this?

Please contact our IT Support Teams via our Client Portal, via [email protected] or on 01271 375999, and one of our team will be happy to assist.


Fastly internet outages affecting Europe and North America

A number of retail, news and social media websites experienced internet downtime caused by an outage at the global website cloud hosting service, Fastly.

For an hour from 11am BST today, users of Fastly’s hosting service including gov.uk, PayPal, Amazon and a whole host of other major company websites were greeted with an “Error 503 Service Unavailable” message detailing problems with the cache server.

By 12.09pm BST, Fastly released a statement saying that their global network was coming back online and that it had been “investigating potential impact to performance with our CDN [content delivery network] services”. However, users were still met with slow loading times and sporadic access to multiple companies’ websites.

Error 503 message that greeted those trying to access the affected websites

When functioning correctly, CDNs such as Fastly aim to improve website security from denial-of-service attacks and reduce loading time for images, videos and HTML pages whilst managing sudden web traffic clusters for their customers’ websites.

ESET commented on the outage and its implications going forward: “whether it be malicious or otherwise, this highlights the importance and significance of these vast hosting companies and what they represent” – adding weight to the growing responsibility that these CDN providers have over global Internet control and access.

The outage raises security concerns over the over-centralisation of the internet in the hands of a few major hosting providers, and asks questions about its reliability should a larger-scale problem like this occur again – demonstrating that we have not learned our lesson from past hosting service outages, as exemplified by the Cloudflare crash of 2019.

Full list of all websites affected below:

AFR, Age, Amazon, Boots, BuzzFeed, CNN, Deliveroo, Etsy, Evening Standard, Financial Times, Giphy, Horse and Hound, IGN, Imgur, Independent, Kickstarter, Le Monde, New York Times, PayPal, Pinterest, Reddit, Royal Mail, SMH, Spotify, Taboola, The Guardian, The Verge, Twitch, Twitter, UK Government website (including HM Revenue and Customs), Vimeo and Weightwatchers

 


32,000 Microsoft Exchange servers still at risk from Hafnium cyber breaches

Microsoft has announced that up to 92% of all stand-alone Exchange servers have been patched, following a mass data breach by the Chinese state-sponsored Hafnium cybercrime group.

Four zero-day security vulnerabilities in Exchange servers were identified and exploited by Hafnium in a mass attack in early March. According to Microsoft VP Tom Burt, the servers at risk were 400,000 on-premises Exchange servers belonging to multiple government and corporate data centres, including defence contractors, schools and other entities globally.

Consequently, the ProxyLogon security fixes released on 2nd March have reduced this number significantly, with 92% of Exchange servers now protected by the new patches. Nevertheless, Microsoft states that around 32,000 servers remain unpatched and vulnerable to Hafnium cybercrime, including theft of confidential sensitive data together with installation of ransomware and ‘corrupted web shells’, such as China Chopper, which allow unrestricted external access to the unpatched Exchange servers.

These security fixes work in conjunction with Microsoft’s Exchange On-premises Mitigation Tool (EOMT), which installs defender scripts and dependency downloads whilst automatically running the Safety Scanner, troubleshooting any identified problems on the Exchange servers.

However, the patches do not protect servers that have already been compromised from further exploitation. Microsoft has therefore advised that organisations’ administrators scan their stand-alone networks for potentially installed malicious software and scripts, in addition to the scans run by EOMT.

The attacks themselves have raised questions over the security maintenance of in-house email servers and add weight to the growing adoption of cloud-based internet email.


Has Microsoft been tracking your Computer?

 

Almost certainly – but don’t panic. Details of anonymous data gathered from Windows 10 users were released this week, with Microsoft publishing more usage information surrounding Windows 10 tracking.

In a blog post, Microsoft explained that the data is gathered for “Standard diagnostic, anonymous analytics that enables us to deliver the best Windows 10 experience possible.”

Via Windows 10 tracking, Microsoft have now measured more than 200 million active devices running the new operating system, 2.4 billion search questions asked of Virtual Assistant Cortana, and more than 44.5 billion minutes spent using the new Microsoft ‘Edge’ browser.

Routine data collection is unlikely to concern most users – and has clearly been announced to show Windows 10’s success. Microsoft also casually notes that the new operating system, released in the summer of 2015, has been “Outpacing… Windows 8 by nearly 400%.”

The accelerating adoption of Windows 10, including among 22 million Enterprise and Education customers, offers Microsoft renewed hope for growing the user base of associated products, such as Azure cloud computing, Windows Phone and the impressive Office365.

If concerned, users can ‘turn off’ all feedback (aside from error reports) by setting the feedback option to ‘Basic’ in their settings.

Taking a more nuanced view, this admission illustrates an industry ever more able (and willing) to be flexible with the privacy concerns of customers in the quest for the perfect user experience.

 

Need Windows IT support and advice? Contact Lineal today: www.lineal.co.uk or 01271 375999