Implementing Least-Privilege Administrative Models (learn.microsoft.com)
from redfox@infosec.pub to cybersecurity@infosec.pub on 11 Apr 2024 21:48
https://infosec.pub/post/10948945

Does anyone fully implement workstation and server logon restrictions, and priviledged access workstations (PAW) as prescribed by NIST/STIG/CIS?

The URL is Microsoft’s long description of the same concepts.

Specifically from the above, there’s a few things like:

Question:

Does anyone actually do any of this at their organization?

If so, to what degree?

People hated red forest because it was a whole other set of infrastructure to baby sit.

People hate air gapped systems because no remote access or work from home.

The above doesn’t work well with cloud, and as a result Microsoft (just as an example) pushed for the new hybrid PIM models replacing their old red forest concept.

I’m just curious.

#cybersecurity

threaded - newest

PaddleMaster@beehaw.org on 12 Apr 2024 00:49 collapse

Some of that, yes. I work for a university that’s government adjacent, so we have to get audited pretty often. Part of that is proving that we STIG and conform to other frameworks. But within certain labs, access is remote only, so I’m not sure how they would handle having a PAW, when there’s probably just a few admin accounts that have strict rules and limits applied.

redfox@infosec.pub on 12 Apr 2024 00:51 collapse

What do you guys use for STIG audit?

Manual STIG viewer or SCAP?