danger of opened session under local admin on server


  • danger of opened session under local admin on server

    Hello,

    I have a situation where the application provider requires local admin opened sessions (but locked screen allowed) on 4 servers (2008!) related to his applications. The user account is a domain member but must be a member of the Local Admin group.

    I need "killer" answers showing why it is a full security compromise.

    Or maybe there is no risk?

    Thanks,
    Michael.
    "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis

  • #2
    Re: danger of opened session under local admin on server

    One of the biggest issues is malware. If the malware uses a token that's got full admin rights then it'll compromise that system.
    The locked screen is not a countermeasure, just a lame excuse.
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR



    • #3
      Re: danger of opened session under local admin on server

      would UAC enabling eliminate the risk?

      I think for program installation yes but for data copy no.
      "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis



      • #4
        Re: danger of opened session under local admin on server

        It won't eliminate the risk but it'll add another hurdle for malware to deal with.
        On the other hand, it'll add another step for the application to function properly.
        Caesar's cipher - 3

        ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

        SFX JNRS FC U6 MNGR



        • #5
          Re: danger of opened session under local admin on server

          Thank you!
          "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis



          • #6
            Re: danger of opened session under local admin on server

            Originally posted by mla
            would UAC enabling eliminate the risk?

            I think for program installation yes but for data copy no.
            TBH, if it can run with UAC enabled... it should run as a service.

            Personally, as everyone else has said, there are Malware concerns, but my concern would be what happens on Reboot? Do you use an Autologon to log the server in so that this application can re-start, or do you have to log in and restart the Server?

            If you use an autologon script, to log an admin onto a server, that opens up a large "in person" security hole. If someone can get physical access to the server, they can just reboot and have full access.

            If you have to log in and start it.... then that's a downtime issue.

            Other than that, having an admin account running 24 hours a day on a server is never a good idea as anything that gets on that server will have instant Admin rights.

            If you HAVE to run something like this, I would look at setting up a VM and have them all running on the VM (I do not know how Hardware intensive this app is). That way you can remove a lot of your concerns, as well as have backup images so if anything does go wrong you can switch them over to a 2nd image. It also allows you to lock the servers down, or even put them all into their own zones so there is 0 external access to lower the chances of Malware and Virus.

            Other than that, you could try running the application as a service by using something like http://serviceex.com/. I have not used this in a long time, but it worked for something I needed to get running as a Service (Steam.... Yeah I know, Gamer)

            Anyhow, this is a Bad idea, I would at least convince your company that you should invest in some extra security in the form of a VLAN, VM or more physical security (Remember, I do not know if you have your servers in a Datacentre or if they are under the reception's desk).

            Wofen
            Good to be back....
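
An audit for the two conditions raised in this thread, autologon and a standing interactive session held by a local Administrators member, added here as an example and not posted by anyone in the thread. It assumes an English-language Windows install (group name `Administrators`, `quser` state strings `Active`/`Disc`) and checks direct group members only.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Built-in tools only, PowerShell 2.0 syntax, so it also runs on Server 2008.
# Assumes English output from "net localgroup" and "quser".

# 1. Autologon: Winlogon values that sign an account in at every boot.
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($wl.AutoAdminLogon -eq '1') {
    Write-Warning "Autologon is enabled for '$($wl.DefaultUserName)': a reboot ends in a logged-on session."
}
if ($wl.DefaultPassword) {
    # Do not print the value; its presence is the finding.
    Write-Warning 'DefaultPassword is stored in clear text under the Winlogon key.'
}

# 2. Direct members of the local Administrators group (nested groups are not expanded).
$out = @(net localgroup Administrators)
$first = 0
for ($i = 0; $i -lt $out.Count; $i++) {
    if ($out[$i] -like '---*') { $first = $i + 1 }   # members follow the dashed line
}
$admins = @($out[$first..($out.Count - 1)] |
    Where-Object { $_ -and $_ -notlike 'The command completed*' } |
    ForEach-Object { ($_.Trim() -split '\\')[-1].ToLower() })   # drop DOMAIN\ prefix

# 3. Interactive sessions, active or disconnected. A locked screen does not end the session.
foreach ($line in @(quser 2>$null | Select-Object -Skip 1)) {
    $user = (($line -replace '^[\s>]+', '') -split '\s+')[0]
    $state = 'Unknown'
    if ($line -match '\s(Active|Disc)\s') { $state = $Matches[1] }
    $isAdmin = $admins -contains $user.ToLower()
    New-Object PSObject -Property @{ User = $user; State = $state; LocalAdmin = $isAdmin }
    if ($isAdmin) {
        Write-Warning "'$user' holds a $state session as a local Administrators member."
    }
}
```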
