WEBVTT

00:00:00.000 --> 00:00:07.580 align:middle line:90%


00:00:07.580 --> 00:00:10.880 align:middle line:90%
Limiting Users' Rights.

00:00:10.880 --> 00:00:14.210 align:middle line:84%
Now, when it comes to limiting
a user's rights on the network,

00:00:14.210 --> 00:00:17.540 align:middle line:84%
it's never really a
fun decision to make.

00:00:17.540 --> 00:00:19.790 align:middle line:84%
On one hand, if we
make things too limited

00:00:19.790 --> 00:00:24.020 align:middle line:84%
for users, then we're going
to upset them and most likely

00:00:24.020 --> 00:00:29.330 align:middle line:84%
impede their ability to
actually do their actual job.

00:00:29.330 --> 00:00:31.880 align:middle line:84%
On the other hand, if
we make things too open,

00:00:31.880 --> 00:00:34.910 align:middle line:84%
we also potentially
leave our users

00:00:34.910 --> 00:00:37.280 align:middle line:84%
and our network open
to malicious hackers.

00:00:37.280 --> 00:00:40.170 align:middle line:90%


00:00:40.170 --> 00:00:45.970 align:middle line:84%
So in a study by Varonis,
70% of all sensitive files

00:00:45.970 --> 00:00:48.730 align:middle line:84%
were accessible
to all employees.

00:00:48.730 --> 00:00:53.830 align:middle line:84%
On average, every employee had
access to 17 million files.

00:00:53.830 --> 00:00:56.590 align:middle line:84%
So that's a pretty
scary statistic,

00:00:56.590 --> 00:00:58.660 align:middle line:84%
especially when we start
considering things like,

00:00:58.660 --> 00:01:01.510 align:middle line:84%
well, if all
employees had access

00:01:01.510 --> 00:01:08.260 align:middle line:84%
to sensitive files, these
some 17 million files,

00:01:08.260 --> 00:01:11.560 align:middle line:84%
then if one of those employees
who probably shouldn't have

00:01:11.560 --> 00:01:14.200 align:middle line:84%
access to it was a,
say, malicious insider,

00:01:14.200 --> 00:01:16.970 align:middle line:84%
they can potentially
grab the information,

00:01:16.970 --> 00:01:19.780 align:middle line:84%
use it for their own
profit against the company.

00:01:19.780 --> 00:01:22.060 align:middle line:90%
They could delete those files.

00:01:22.060 --> 00:01:26.290 align:middle line:84%
Or they could quite
simply unknowingly open

00:01:26.290 --> 00:01:28.300 align:middle line:84%
an email that had
a ransomware on it,

00:01:28.300 --> 00:01:32.360 align:middle line:84%
and encrypt all
these critical files.

00:01:32.360 --> 00:01:35.060 align:middle line:84%
This is why limiting user
rights is important.

00:01:35.060 --> 00:01:37.750 align:middle line:84%
But we do need to
think this through.

00:01:37.750 --> 00:01:43.980 align:middle line:84%
So some issues with if we limit
too much, in the case shown

00:01:43.980 --> 00:01:45.990 align:middle line:84%
previously, a ransomware
attack, again,

00:01:45.990 --> 00:01:48.690 align:middle line:84%
can encrypt your
entire network file.

00:01:48.690 --> 00:01:50.610 align:middle line:84%
An insider attack,
malicious or otherwise,

00:01:50.610 --> 00:01:52.800 align:middle line:84%
might accidentally
or intentionally

00:01:52.800 --> 00:01:54.960 align:middle line:90%
delete these important files.

00:01:54.960 --> 00:01:57.990 align:middle line:84%
A user may be able to
elevate their own user right

00:01:57.990 --> 00:01:59.280 align:middle line:90%
permissions.

00:01:59.280 --> 00:02:01.680 align:middle line:84%
A user might be able to
create an admin account.

00:02:01.680 --> 00:02:04.360 align:middle line:90%


00:02:04.360 --> 00:02:07.060 align:middle line:84%
A user may install software
that violates a company

00:02:07.060 --> 00:02:12.950 align:middle line:84%
policy, legal requirements, or
conflicts with other software.

00:02:12.950 --> 00:02:16.700 align:middle line:84%
And a user may remove critical
software that's needed,

00:02:16.700 --> 00:02:19.400 align:middle line:84%
or disable it, or
otherwise hamper

00:02:19.400 --> 00:02:24.800 align:middle line:84%
your network or the protections
that you put in place.

00:02:24.800 --> 00:02:28.460 align:middle line:84%
So again, whether the
user intentionally

00:02:28.460 --> 00:02:32.870 align:middle line:84%
is trying to harm the
network or accidentally,

00:02:32.870 --> 00:02:34.350 align:middle line:90%
it's a little bit irrelevant.

00:02:34.350 --> 00:02:36.590 align:middle line:84%
It's the fact that they
are able to do this

00:02:36.590 --> 00:02:39.103 align:middle line:84%
and they may do this,
that's potentially

00:02:39.103 --> 00:02:40.145 align:middle line:90%
going to cause a problem.

00:02:40.145 --> 00:02:42.920 align:middle line:90%


00:02:42.920 --> 00:02:44.440 align:middle line:84%
So this is why we
need to protect

00:02:44.440 --> 00:02:47.680 align:middle line:84%
our users and the network from
outsider attacks and insider

00:02:47.680 --> 00:02:49.990 align:middle line:84%
attacks by limiting
their user rights.

00:02:49.990 --> 00:02:53.320 align:middle line:90%


00:02:53.320 --> 00:02:55.690 align:middle line:84%
So we need to come
up with a plan

00:02:55.690 --> 00:02:58.120 align:middle line:84%
when we begin
limiting user rights.

00:02:58.120 --> 00:03:02.320 align:middle line:84%
So perception - it's
irrelevant if a user doesn't

00:03:02.320 --> 00:03:04.480 align:middle line:90%
use certain network rights.

00:03:04.480 --> 00:03:06.910 align:middle line:84%
The moment you take
it away, many users

00:03:06.910 --> 00:03:08.980 align:middle line:84%
are going to feel like
they're being targeted

00:03:08.980 --> 00:03:12.370 align:middle line:84%
or they're being
unfairly restricted.

00:03:12.370 --> 00:03:15.280 align:middle line:84%
Now, again, this comes
down to perception.

00:03:15.280 --> 00:03:16.900 align:middle line:90%
I used to have this.

00:03:16.900 --> 00:03:19.440 align:middle line:90%
Now you took it away.

00:03:19.440 --> 00:03:21.540 align:middle line:84%
Again, whether
they ever used it,

00:03:21.540 --> 00:03:27.060 align:middle line:84%
like if you take, say, remote
access away, RDP, from a user,

00:03:27.060 --> 00:03:29.220 align:middle line:84%
a user may have never
used that in their life.

00:03:29.220 --> 00:03:32.850 align:middle line:84%
But the moment
that they're told,

00:03:32.850 --> 00:03:36.090 align:middle line:84%
well, we're taking away
remote desktop rights,

00:03:36.090 --> 00:03:38.250 align:middle line:84%
well, hey, I might want
to use that one day.

00:03:38.250 --> 00:03:39.980 align:middle line:90%
Why did you take it away?

00:03:39.980 --> 00:03:44.030 align:middle line:84%
Again, that's just a
matter of perception.

00:03:44.030 --> 00:03:46.970 align:middle line:84%
Determine what
rights people need

00:03:46.970 --> 00:03:50.170 align:middle line:90%
to do their jobs effectively.

00:03:50.170 --> 00:03:53.200 align:middle line:84%
It's far easier to set the
user's rights restricted

00:03:53.200 --> 00:03:56.500 align:middle line:84%
to begin with and start
rationing it back rather

00:03:56.500 --> 00:03:59.650 align:middle line:90%
than taking rights away later.

00:03:59.650 --> 00:04:02.560 align:middle line:84%
If you need to start
taking user rights away,

00:04:02.560 --> 00:04:05.320 align:middle line:84%
you need to have a
plan, when to do it,

00:04:05.320 --> 00:04:06.470 align:middle line:90%
how you're going to do it.

00:04:06.470 --> 00:04:10.610 align:middle line:84%
And most importantly, you really
need to have a communication

00:04:10.610 --> 00:04:15.050 align:middle line:84%
out to your staff on why
the change is occurring.

00:04:15.050 --> 00:04:17.910 align:middle line:84%
Not telling users
what's going on,

00:04:17.910 --> 00:04:21.079 align:middle line:84%
the reason why you're doing
it, if it's not properly

00:04:21.079 --> 00:04:24.600 align:middle line:84%
explained to them, again,
that's - they may feel targeted.

00:04:24.600 --> 00:04:32.390 align:middle line:84%
They may feel that you're
being unfair to them.

00:04:32.390 --> 00:04:35.250 align:middle line:84%
And with admins, you may
consider a secondary admin

00:04:35.250 --> 00:04:35.750 align:middle line:90%
account.

00:04:35.750 --> 00:04:39.440 align:middle line:84%
So the idea behind this is you
have two different accounts

00:04:39.440 --> 00:04:40.520 align:middle line:90%
for admins.

00:04:40.520 --> 00:04:42.710 align:middle line:84%
One is for everyday
use, yet you have

00:04:42.710 --> 00:04:46.580 align:middle line:84%
access to your everyday stuff
that you need to get access to.

00:04:46.580 --> 00:04:48.590 align:middle line:84%
Your secondary
account, which you only

00:04:48.590 --> 00:04:52.370 align:middle line:84%
use when absolutely necessary,
would have elevated privileges,

00:04:52.370 --> 00:04:56.630 align:middle line:84%
such as making changes to the
domain or other higher level

00:04:56.630 --> 00:04:58.040 align:middle line:90%
access.

00:04:58.040 --> 00:05:01.070 align:middle line:84%
Now, the idea behind this
is, your everyday driver

00:05:01.070 --> 00:05:02.610 align:middle line:90%
account will be more limited.

00:05:02.610 --> 00:05:06.500 align:middle line:84%
So since you use that the most,
the chances of that getting

00:05:06.500 --> 00:05:11.890 align:middle line:84%
attacked and then exploited,
it's going to do less damage.

00:05:11.890 --> 00:05:15.340 align:middle line:84%
Now, this may not work
in certain situations.

00:05:15.340 --> 00:05:16.720 align:middle line:90%
But it is a suggestion.

00:05:16.720 --> 00:05:19.570 align:middle line:90%


00:05:19.570 --> 00:05:22.860 align:middle line:84%
Now, in wrapping up, a
user with too many rights

00:05:22.860 --> 00:05:25.440 align:middle line:84%
is a potential
risk, whether this

00:05:25.440 --> 00:05:28.500 align:middle line:90%
is accidental or intentional.

00:05:28.500 --> 00:05:30.960 align:middle line:84%
User rights should be
restricted to as close

00:05:30.960 --> 00:05:33.900 align:middle line:90%
to an as-need basis as possible.

00:05:33.900 --> 00:05:36.960 align:middle line:84%
And oftentimes, it's
not possible to restrict

00:05:36.960 --> 00:05:39.210 align:middle line:84%
user rights down to
exactly what they just

00:05:39.210 --> 00:05:41.710 align:middle line:90%
need due to various reasons.

00:05:41.710 --> 00:05:47.430 align:middle line:84%
So having the approval of
management once you figure out

00:05:47.430 --> 00:05:49.680 align:middle line:84%
how many rights people
are going to have is going

00:05:49.680 --> 00:05:53.130 align:middle line:84%
to help, because at least if
you had management's approval

00:05:53.130 --> 00:05:55.650 align:middle line:84%
and blessing, then
it actually could

00:05:55.650 --> 00:05:59.920 align:middle line:84%
become a part of the
actual rule for the office.

00:05:59.920 --> 00:06:02.550 align:middle line:84%
And then you have
something to fall back on.

00:06:02.550 --> 00:06:05.130 align:middle line:90%


00:06:05.130 --> 00:06:06.770 align:middle line:84%
So this was about
limiting user rights.

00:06:06.770 --> 00:06:08.270 align:middle line:84%
In the next video,
we're going to be

00:06:08.270 --> 00:06:10.040 align:middle line:84%
talking about
application reduction

00:06:10.040 --> 00:06:12.032 align:middle line:90%
and why you should slim it down.

00:06:12.032 --> 00:06:12.990 align:middle line:90%
Thank you for watching.

00:06:12.990 --> 00:06:15.010 align:middle line:90%
I'll see you in the next video.

00:06:15.010 --> 00:06:16.000 align:middle line:90%