Secure Your Infrastructure with Least Privileges

Hi,

I would like to post this topic on securing you infrastructure with some least privileges based on server requirement. Everybody love to make some more easy and full privileges to some extent. but have you cross to your mind to secure your infrastructure.

I believe that by using Windows Environment, Active Directory is the most famous service where system admin like to centralize. I agree with that. And the highest privileges in AD environment are Domain Admins for every child domains and Enterprise Admins for Forest and Child domains.

Of course, in lab environment system admin like to use domain admins and enterprise admin even myself. However, in production zone, I would not suggest to have so much domain users given or attached with those domain admins enterprise admins. It was quite and most scary.

In the attachment, I did summarize some of all privileges based on the services required.

For example, in DHCP Server, in a AD domain environment, you may require Delegation permission to authorize to the AD for first time configuration.. Also, to manage DHCP Server, you can only have DHCP administrators without domain admins.

 

Attachment:

Requirement Privilege Document

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s