Security Basics mailing list archives

Re: Using Admin Privileges while surfing the Internet


From: Stephen Mullins <steve.mullins.work () gmail com>
Date: Tue, 26 May 2009 07:20:03 -0400

I don't have any documents on hand for you to reference in arguments
with management but it is definitely not "ok" for everyone in the
company to have local admin rights.  Besides the fact that this means
they can install literally whatever they want from wherever they want
with no controls whatsoever, it means that a great deal of web
distributed malware that would not otherwise be a threat, all of a
sudden is.

On the other hand, with a business that size they may not necessarily
care enough about security to hire another help desk person to install
software after taking those rights away from the user.  From a
security perspective it's not ok, but from a business perspective it
might make the most sense.

Steve Mullins

On Mon, May 25, 2009 at 2:43 AM,  <Menny.b () gmail com> wrote:
Hello,

I've recently reviewed the network settings of a small-medium business (about 70 workstations running XP SP3).

I've found that the internal network is connected to the internet through a firewall, and all of the users have 
(local) administrative privileges on their workstation.

Does anyone know a published benchmark / standard that will help me decide (and argue) - is it ok using admin while 
surfing the internet.

Thanks,
Michael.


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. 
Gain a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------


