Re: On-demand Privilege Escalation Solution for Endpoints

["Biggs, Nathanael" <nbiggs112 () CEDARVILLE EDU>]

+1 for MakeMeAdmin. We're in the middle of deploying this in conjunction
with LAPS (so that the admin passwords change regularly), and it looks
promising, based on the testing we've done.

Access is administered via GPO, but the tool doesn't require real-time
access to the domain in order to function.






Nathanael Biggs
*Network Analyst*
Information Technology
*Cedarville University*
o: 937-766-7905
www.cedarville.edu
<https://twitter.com/cedarville>
<https://www.youtube.com/user/cedarvilleu>
<https://www.facebook.com/cedarville>
<https://www.linkedin.com/in/nathanael-biggs-86595125/>
<https://www.instagram.com/cedarville/>

On Wed, Mar 28, 2018 at 12:57 PM, Shen, Philip (ps7xj) <ps7xj () virginia edu>
wrote:

> For those on a budget check out Make Me Admin  https://makemeadmin.com/
>
>
>
> Thanks,
>
> Phil
>
>
> ----
> Phil Shen BS, GIAC GSEC, ITIL
> IT Security - University of Virginia School of Medicine
> <Phil.Shen () virginia edu>
>
>
>
> ------------------------------
> *From:* The EDUCAUSE Security Constituent Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> on behalf of WALTER KERNER <
> walter_kerner () FITNYC EDU>
> *Sent:* Wednesday, March 28, 2018 12:32 PM
>
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] On-demand Privilege Escalation Solution for
> Endpoints
>
>
> We’re just beginning to use Avecto here.  It’s still early but it seems
> like it will be a good fit.  It will let traveling faculty add printers,
> adjust networks, and handle timezones with admin rights.  We also use it to
> confirm on software installs: we don’t prohibit faculty from installing
> what they want, but we want to alert them to drive-by downloads
>
>
>
>
>
>
>
> Walter Kerner
>
> AVP and CISO
>
> [image: blue]
>
> 333 7th Avenue, 13th Floor
> <https://maps.google.com/?q=333+7th+Avenue,+13th+Floor+%0D%0A+New+York,+NY+10001&entry=gmail&source=g>
>
> New York, NY 10001
> <https://maps.google.com/?q=333+7th+Avenue,+13th+Floor+%0D%0A+New+York,+NY+10001&entry=gmail&source=g>
>
> Voice: 212-217-3415 <(212)%20217-3415>
>
>
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Davis, Chris
> *Sent:* Tuesday, March 27, 2018 10:28 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] On-demand Privilege Escalation Solution for
> Endpoints
>
>
>
> Check out Avecto Defendpoint or CyberArk Viewfinity. Both do what you are
> looking for without having to grant admin rights on an extended basis.
>
> Sent from my iPhone - please excuse any minor errors.
>
>
>
> Chris Davis, PhD
>
> Chief Information Officer
>
> Lourdes University
>
> cdavis () lourdes edu
>
>
> On Mar 27, 2018, at 22:02, Nitin Singh <Nitin.Singh () VU EDU AU> wrote:
>
> Good Day Folks,
>
>
>
> We are looking at possible solutions to allow administrative rights on
> endpoints.
>
>
>
> Currently by default our users get administrative rights (oooops!) on
> their machines which is for historic reasons to provide academic freedom
> and flexibility. And as you would know this freedom and flexibility comes
> with significant security exposure and risk for our University.
>
>
>
> Moving forward we will be removing all administrative rights on endpoints
> and looking to deploy a solution which can:
>
>    1. Allow demand Privilege Escalation from local machine regardless it
>    is connected to University Network or Not
>    2. Limit the window of Escalated Rights such as allowing users to
>    select how long they need administrative rights for and automatically
>    removing privileges after selected period of 30mins, 2 hours, 4 hours or 8
>    hours.
>    3. Monitor, log and alert on all activities undertaken (including
>    installation, download etc.) during the period of escalated rights
>    4. Block/notify users whenever download/installation of a malicious
>    code/software is detected
>    5. Easy to use, install and does not require excessive operational
>    overheads.
>
>
>
> Anyone who is using similar technologies or have explored such solutions
> who can share insights that would be highly appreciated.
>
>
>
> Rgds, Nitin
>
>
>
> *Nitin Singh*
>
> *Director – ITS Security and Risk Assurance*
>
> Information Technology Services
>
> (P) +61 3 9919 5849 <+61%203%209919%205849>
>
> (M) +61 430 989 430 <+61%20430%20989%20430>
>
>
>
> Victoria University CRICOS Provider No. 00124K (Melbourne) CRICOS
> Provider No. 02475D (Sydney)
>
>
>
> <image001.png>