Educause Security Discussion mailing list archives

Re: Restricting PC Admin Rights


From: Frank Barton <bartonf () HUSSON EDU>
Date: Mon, 13 Aug 2018 15:19:48 -0400

Rick, one thing to keep in mind that we've run across is software
licensing. We have many a faculty member that is also a student at another
institution (I'm pretty sure this is very common). As such they may have a
license for, say, MatLab. However, that license does not allow it to be run
on our computers.
Along a similar line, "free for personal use" licenses can be problematic
also.

Keeping a list of approved and licensed software is important, as is
having a protocol to follow for new software requests (and avoiding
software sprawl).

Frank

On Mon, Aug 13, 2018 at 2:50 PM, Richard Gould <Richard.Gould () asu edu>
wrote:

Having just transitioned jobs here at Arizona State University I can feel
the pain of not having admin rights in attempting to install the necessary
software to perform my job.
I completely agree with the principle of removing admin rights; however,
as previously stated, make sure the help desk and supporting personnel
understand and are responsive to assisting users when and wherever they
may be.  I believe demonstrating this support is crucial to having this
type of policy being accepted.


Best Regards,
Rick

Richard (Rick) Gould
OKED Information Security Officer
ASU Office of Knowledge Enterprise Development
Advancing Research, Entrepreneurship and Economic Development
Research Technology Office
researchmatters.asu.edu | research.asu.edu

------------------------------
*From:* The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Boyd, Daniel <dboyd () BERRY EDU>

*Sent:* Monday, August 13, 2018 11:35:48 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Restricting PC Admin Rights


I am about to take up this fight at my institution. I’ll also be closely
watching this thread and would also appreciate any input on strategy and
marketing that anyone can offer, as I am rather new at this job (only six
weeks in and already going for the heavyweights…).



I would be glad to take any conversations offline and would report back a
summary to the list, if anyone is interested.



Dan





Daniel H. Boyd (94C)
Director of Information Security

Office for Information Technology

Information Security Advisory Group Chair
Berry College
Phone: 706-236-1750
Fax:     706-238-5824


There are two rules to follow with your account passwords:
1. NEVER SHARE YOUR PASSWORDS WITH ANYONE (EVEN OIT!!!!)
2. If unsure, consult rule #1







*From:* Davis, Chris <CDavis () LOURDES EDU>
*Sent:* Monday, August 13, 2018 12:03 PM
*Subject:* Re: [External Sender] [SECURITY] Restricting PC Admin Rights



For such an easy security measure, this always creates havoc.  On the IT
side of things, so many things can be prevented with a least privilege
model.  However, from the other side of the house, we always meet huge
resistance because we are “taking away admin rights” from our users.



People feel like we don’t trust them.  And from a certain point of view
that is right.  In the security world, we should not trust anyone.  But at
the same time, the people I really don’t trust are those that are targeting
our employees.  So, this is a measure that gives some quick security at no
cost, other than a change in the way our users do things.



I will be watching this thread closely.



Chris





*Christopher Davis, Ph.D.*
Chief Information Officer
Assistant Professor of Education
Apple Teacher
Lourdes University
6832 Convent Blvd | REH 003P | Sylvania, OH 43560
cdavis () lourdes edu

*CyberAware – Be aware. Stay Secure!*
Lourdes University will never ask you to send sensitive information
through unsecure channels. Report any message that asks you to provide
or confirm personal information such as credit card and/or bank
account numbers, Social Security numbers, passwords, etc. or any
other suspicious activity to infosec () lourdes edu. For more information
please visit lourdes.edu/cyberaware.




On Aug 13, 2018, at 11:06 AM, Pardonek, Jim <jpardonek () LUC EDU> wrote:



Not sure if there is somewhere else I can get this info, I’m sure it’s
been asked before, but I am checking to see how many of your institutions
restrict admin rights.  We are putting a proposal together to leadership to
do exactly that as we have had a number of folks fall for scams that
involve the installation of software on their PCs.



Thanks,





*James Pardonek, MS, CISSP, CEH, GSNA*

*Information Security Officer*


*Loyola University Chicago  1032 W. Sheridan Road | Chicago, IL 60660*
*(773) 508-6086*



*Loyola University Chicago will never ask you for your username or
password.*

*For the latest information security news at Loyola, please follow us
online,*

*Twitter: @LUCUISO*

*Facebook: https://www.facebook.com/lucuiso/*

*Our Blog http://blogs.luc.edu/uiso/*






-- 
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University
