SysAdmins Should Lose Exclusive Root Access, Pen Testers Say

System aministrators should not be the only ones with root access rights in a company, penetration testers Aaron Beuhring and Kyle Salous said, according to The Register. To help enterprises deter hackers, the researchers shared a series of security commandments at the recent MIRCon conference in Washington.

Companies should first make targeted malware too expensive by hardening their systems, the pen testers advised. Enterprises could also implement low-cost security measures such as changing access controls, whitelisting and efficient group policies.

You can train users all you want, but unless they are reverse-engineers, they aren’t going to stop clicking things,” Aaron Beuhring said. “We’re not saying whitelisting is easy. You need to create inventory of programs you run and you need to understand the protocols they run on.”

To understand what is being used, enterprises should place their application control systems into “listening mode,” the pen testers said. Companies should also have several administrators for their systems, while regular employees should never be given admin rights.

“None of your users should ever log in as administrator,” Kyle Salous added. “Create a separate admin account for everyone in your tech department. Every time we make attackers` work harder is an opportunity to detect their activity.”

The two researchers also talked about Cryptolocker and its “cool aspect of encrypting all the data.” The ransomware, which Bitdefender has technically documented since 2013, made headlines this year after infecting the systems of over half a million victims.

For more information on the pen testers` golden rules, listen to their podcast. Bitdefender also advises companies to install an enterprise security solution.