Educause Security Discussion mailing list archives
On-demand Privilege Escalation Solution for Endpoints
From: Nitin Singh <Nitin.Singh () VU EDU AU>
Date: Wed, 28 Mar 2018 01:52:23 +0000
Good Day Folks, We are looking at possible solutions to allow administrative rights on endpoints. Currently by default our users get administrative rights (oooops!) on their machines which is for historic reasons to provide academic freedom and flexibility. And as you would know this freedom and flexibility comes with significant security exposure and risk for our University. Moving forward we will be removing all administrative rights on endpoints and looking to deploy a solution which can: 1. Allow demand Privilege Escalation from local machine regardless it is connected to University Network or Not 2. Limit the window of Escalated Rights such as allowing users to select how long they need administrative rights for and automatically removing privileges after selected period of 30mins, 2 hours, 4 hours or 8 hours. 3. Monitor, log and alert on all activities undertaken (including installation, download etc.) during the period of escalated rights 4. Block/notify users whenever download/installation of a malicious code/software is detected 5. Easy to use, install and does not require excessive operational overheads. Anyone who is using similar technologies or have explored such solutions who can share insights that would be highly appreciated. Rgds, Nitin Nitin Singh Director – ITS Security and Risk Assurance Information Technology Services (P) +61 3 9919 5849 (M) +61 430 989 430 Victoria University CRICOS Provider No. 00124K (Melbourne) CRICOS Provider No. 02475D (Sydney) [signature_642530089]
Current thread:
- On-demand Privilege Escalation Solution for Endpoints Nitin Singh (Mar 27)
- Re: On-demand Privilege Escalation Solution for Endpoints Davis, Chris (Mar 27)
- Re: On-demand Privilege Escalation Solution for Endpoints WALTER KERNER (Mar 28)
- Re: On-demand Privilege Escalation Solution for Endpoints Shen, Philip (ps7xj) (Mar 28)
- Re: On-demand Privilege Escalation Solution for Endpoints Biggs, Nathanael (Mar 28)
- Re: On-demand Privilege Escalation Solution for Endpoints Davis, Chris (Mar 28)
- Re: On-demand Privilege Escalation Solution for Endpoints Biggs, Nathanael (Mar 28)
- Re: On-demand Privilege Escalation Solution for Endpoints Shen, Philip (ps7xj) (Mar 28)
- Re: On-demand Privilege Escalation Solution for Endpoints WALTER KERNER (Mar 28)
- Re: On-demand Privilege Escalation Solution for Endpoints Davis, Chris (Mar 27)