Ramon
Newcomer II

Best Practices for privileged account on laptops

At our company we've implemented a new security policy for our engineers. The engineers use their laptop as a Swiss army knife: they develop code, install software and read their company mail on the device.

 

In the days where the domain account of the engineer was also a local admin, our engineers were happy and content with the policy. Due to mal- and ransomware we started a proof of concept where we changed to a local named admin account to do the programming and installing, and a domain account to access e-mail, ERP and office via Citrix.

 

In my opinion this is an acceptable solution, this is our normal 'modus operandi' at the IT department, if we need to install something we use the 'runs as...' command.

 

But you guessed it: Our engineers are not happy with the new policy. So what do you recommend? Have you encountered the same issues and how did you resolve those?

21 Replies
rslade
Influencer II

> metasploit (Viewer II) posted a new reply in Tech Talk on 11-27-2018 08:09 PM in

> CyberArk EPM can easily fit your needs.  
[...]
>   Email: sam.lu@cyberark.com

Should we even *pretend* that this isn't just a big sales machine?

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
We learn from experience that men never learn anything from
experience. - George Bernard Shaw
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
joseksamuel
Newcomer I

Why would your devs be writing and testing code on their personal systems? They should be doing this in a dev environment. How would you control versioning, test, release if everyone's doing their own thing?