ACSC programs and advice are being migrated to cyber.gov.au (see sidebar)

Secure Administration

Download ACSC Protect: Secure Administration (PDF), September 2015
First published 2014; updated September 2015

This document discusses the importance of secure administration and suggests one method of implementing a secure administration environment.

Introduction

Privileged access allows administrators to perform their duties such as establishing and making changes to key servers, networking devices, user workstations and user accounts. Privileged access or credentials are often seen as the 'keys to the kingdom' as they allow the bearers to have access and control over many different assets within a network.

Privileged access is often a key goal of an adversary. An adversary can use privileged access to:

  1. Propagate malware to multiple workstations and servers
  2. Add new user accounts, including privileged accounts
  3. Bypass security controls for applications, databases and file servers
  4. Implement configuration changes to make future access easier.

Given the scale and complexity of enterprise networks, it is reasonable to assume that at least one standard user account and workstation within an organisation's Internet-connected network could be compromised by an adversary. As administrator accounts often have unrestricted access to critical resources, this document focuses on protecting sensitive accounts and resources from an adversary who has gained a presence on the network.

This document is designed to complement and expand upon the guidance contained within the Secure Administration chapter of the Australian Government Information Security Manual (ISM) produced by the Australian Cyber Security Centre (ACSC).
 

Secure administration and the cloud

The primary intent of this document is to secure the administration of traditional corporate network assets, such as domain controllers and application servers, as well as the infrastructure used for the administration of these assets.

Administration of cloud-based infrastructure, systems and applications brings different challenges and may require a different approach. As such, not all security controls within this document may be directly applicable to the administration of cloud assets and may require assessment and adjustment before being applied to infrastructure used for cloud administration.

Throughout the document, the security controls will contain guidance on applying the recommendation within a cloud environment.

For guidance on how to use cloud services securely, consult ACSC’s Cloud Computing Security for Tenants.

Table of contents

  • Introduction
    • Rationale for implementing secure administration
    • Elements of secure administration
  • Privileged access control
    • Considerations when administering a cloud environment
  • Multi-factor authentication
    • Considerations when administering a cloud environment
  • Privileged workstations
    • Dedicated privileged workstations
    • The use of virtualisation to achieve dedicated workstations
    • Hardening privileged workstations
    • Considerations when administering a cloud environment
  • Logging and auditing
    • Considerations when administering a cloud environment
  • Network segmentation and segregation
    • Considerations when administering a cloud environment
  • Jump boxes
    • Considerations when administering a cloud environment
  • Further reading
  • Contact details

Contact details

Organisations or individuals with questions regarding this advice can contact the ACSC by emailing asd.assist@defence.gov.au or calling 1300 CYBER1 (1300 292 371).

In August 2018 ACSC launched a new website, cyber.gov.au, to reflect its new organisation.

Cyber security programs and advice are being migrated to cyber.gov.au. Information and advice on this site remains current.

Reports help the ACSC to develop a better understanding of the threat environment and will assist other organisations who are also at risk.

Cyber security incident reports are also used in aggregate for developing new defensive policies, procedures, techniques and training measures to help prevent future incidents.

Information for Australian businesses
Information for individual Australian citizens
Information for Federal, State and Local government agencies