Lesson 2 - Least Privilege No one should have administrative access. All elevated access should be checked out when you need it and checked back in (automatically if possible). Just like UAC. MFA should be required, proximity or push based. And every use of a break glass account should be highly monitored
I think “Least Privilege” has been harped on at least … you know what, let me wager that you can’t find a single infosec or hacking conference from 2000 until now (2022) that doesn’t have 4 talks with the words “least privilege” in the talk.
↧