Network servers not safe from users

Australian businesses are compromising their server security by granting users local administrator privileges, according to a survey by security software vendor NetIQ.

Australian businesses are compromising their server security by granting users local administrator privileges, according to a survey by security software vendor NetIQ.

NetIQ interviewed around 100 local users at AusCERT for its Security Snapshot Survey and found 53 percent of respondents believe their organisations had experienced downtime due to unnecessary or unauthorised changes to servers.

NetIQ found 50 per cent of respondents also said they provided users with local administration privileges on their workstations.

Of those surveyed, 64 per cent of respondents said that they use legacy applications that require users to have local administrator privileges.

David Taylor, NetIQ regional director of Asia-Pacific, said the challenge for most organisations was many legacy applications required users to have administrator privileges to operate them.

“Organisations were unable to restrict administrators’ right to one designated person. By providing users with local administrator rights, they were enabling users to install any type of application on the server,” he said.

Almost 71 per cent of respondents believed administrators had been given too many privileges on their critical servers.

The majority of the participants also said this was due to the complexity of delegating access to business critical applications.

NetIQ’s Security Snapshot Survey at AusCERT asked users to provide their views on a range of matters, including the use of Group Policy in Active Directory for the management of security settings, auditing and reporting on server changes, and compliance with regulatory acts and standards.

Other findings uncovered by the survey include, 83 per cent of respondents use Group Policy to lock down their server and desktop systems.

Around 65 per cent of respondents do not lock down USB thumb drives or removable storage devices from high security systems.

More than 50 per cent of participants track what administrators are changing on each server and the majority track these changes by reviewing and reporting on audit logs (54 per cent).