Analecta Cyber Company Blog: Who is Installing Software on YOUR Computers?

2019-02-26

Who is Installing Software on YOUR Computers?

As important as it is to keep software updated and properly patched, it is also important to control which software is allowed on your machines. Without the right controls in place, personnel may be tempted to install unapproved software on your organization’s systems. This could introduce an unacceptable amount of risk to your devices and make them vulnerable to attack.

Flash on a domain controller - why?


Here is one example of how this could be a problem: during a cyber risk assessment for a client, our security experts discovered Adobe Flash running on a domain controller. Since a domain controller’s job is to respond to security authentication requests, only the software required for that role should be installed on it. Ordinary users should not be logging into the device and using it as a standard desktop, so there is no good reason for a multimedia content player to be installed at all. To make matters worse, the version of Flash on the domain controller was significantly (as in multiple years) out of date and had some considerable security flaws.

So how did this come to be? There are a few ways something like this could have happened:
  • An administrator could have logged into the server, installed the software intentionally and forgotten to remove it.
  • The Principle of Least Privilege (PoLP) may not have been in place at the time, and an authorized user installed it unintentionally, thinking they were logged into a different machine.
  • An unauthorized user gained access due to poor security or password policy and installed the software.

Why do you care?


Adobe Flash and Flash Player have always been known as easy pickings for hackers looking to gain access to the machines they run on. As recently as December 2018, Adobe released a patch for a critical zero-day vulnerability in Flash. Just a month before, independent researchers found vulnerabilities affecting Flash on Windows, macOS, Chrome OS and Linux.

Unauthorized software on the domain controller brings up a number of troubling insights:
  1. Software isn't being patched.
  2. Software is being installed where it shouldn't be installed.
  3. No one is keeping track of which software is installed where (or it wouldn't be there and/or out of date).
  4. PoLP seems to be ignored somewhere in the organization.

Remove or disable Flash now!


Removing Flash is the safest bet, especially on any computers that are domain controllers. Unauthorized access to such a computer could have detrimental effects on your entire server. Dell has an updated guide for uninstalling all Flash versions on Windows. macOS, Linux and Chrome OS have similar uninstall guides for various versions of their OS as well. And while you’re there, limit the access that normal user accounts have to these critically important machines!

Administratively restrict software installation


The moral of the story isn't that Flash is bad and you should take it out (even though you should). The moral is that you need to have processes in place to keep unauthorized installations from happening in the first place. Having configuration change control processes in place means that only admins are allowed to make software changes to the machine. This adds one more layer of protection to your network, your business and your bottom line.
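
A change control process needs a way to notice software that slipped past it. The following PowerShell sketch is an added example, not Analecta's own tooling: it lists machine-wide installed software from the registry and reports anything not matching an approved list. The approved patterns are a constructed sample and the function names are hypothetical.

```powershell
# Added example: compare installed software with an approved list.
# $ApprovedPatterns is a constructed sample; substitute your own baseline.
$ApprovedPatterns = @(
    'Microsoft Visual C++ *Redistributable*',
    'Microsoft Edge*',
    'VMware Tools'
)

# Installers register here (64-bit view, then 32-bit view).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledSoftware {
    # Entries without a DisplayName are typically updates or components.
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
        Sort-Object -Property DisplayName, DisplayVersion -Unique
}

function Test-Approved {
    param([string]$Name, [string[]]$Patterns)
    foreach ($pattern in $Patterns) {
        if ($Name -like $pattern) { return $true }
    }
    return $false
}

# Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
$isDomainController = $role -in 4, 5

$unapproved = @(Get-InstalledSoftware | Where-Object {
    -not (Test-Approved -Name $_.DisplayName -Patterns $ApprovedPatterns)
})

if ($unapproved.Count -gt 0) {
    $msg = '{0} (domain controller: {1}): {2} package(s) not on the approved list'
    Write-Warning ($msg -f $env:COMPUTERNAME, $isDomainController, $unapproved.Count)
    # Emit objects so the result can be piped to Export-Csv or a ticket.
    $unapproved
} else {
    Write-Output ('{0}: nothing installed outside the approved list' -f $env:COMPUTERNAME)
}
```

This covers machine-wide installs only; per-user installs registered under HKCU are not listed. The DisplayVersion column also shows at a glance when an entry is years out of date.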

Analecta is here to help!


If you need assistance reviewing your servers for network domain account permissions and approved software lists or need help drafting a domain controller policy from scratch, contact us at info@analecta-llc.com or visit our Cybersecurity website. We’d be glad to walk you through the process and ensure that you are hitting the mark in your cybersecurity needs.

Analecta Cyber is a Maryland-based cybersecurity firm providing cyber risk assessments for small and medium sized businesses. Analecta is a trusted partner to help companies achieve their cybersecurity objectives. 

