Admin Account Security Guideline

UC Berkeley security policy mandates compliance with the Minimum Security Standard for Electronic Information for devices handling covered data.  The recommendations below are provided as optional guidance for meeting the Controlled Use of Administrative Privileges requirement.

Requirement

Administrative accounts and credentials must use strong authentication, be separated from high-risk activities, and meet all requirements from the Account Monitoring and Management control.

Description of Risk

Attackers make unauthorized use of administrative privileges to discover and compromise covered data.  High risk activities increase the likelihood of introducing malicious code that takes advantage of unpatched vulnerabilities. Additionally, malware introduced through administrative activities is more likely to capture administrative passwords or read files containing private keys or other administrative credentials.

Recommendations

Administrative credentials are system user accounts that are authorized to perform system and security related functions that ordinary users are not authorized to perform.  Examples of system and security related functions include starting/stopping application services, creating/updating other user accounts, etc.  Consider the recommendations below to effectively secure administrative credentials.

Strong Authentication

Advancing password cracking techniques and computing power have reduced the effectiveness of previously established best practices for passphrase complexity.  Therefore, administrative credentials must adopt stronger passphrase complexity requirements in addition to the MSSND minimum passphrase complexity requirements.  Administrative accounts with access to covered systems should:

  • Use a longer passphrase of ten (10) characters or more

  • Contain characters from two of the following three character classes:

    1. Alphabetic (e.g., a-z, A-Z)

    2. Numeric (i.e. 0-9)

    3. Punctuation and other characters (e.g., !@#$%^&*()_+|~-=`{}[]:";'<>?,./)
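The two checks above (minimum length, and at least two of the three character classes) are simple enough to enforce in code wherever administrative passphrases are set or rotated. The following is an added example, not part of the UC Berkeley guideline and not campus-provided tooling; it checks a candidate passphrase against exactly the two rules stated here and nothing more (no dictionary or breach-list check, which the guideline does not describe). One assumption is labelled in the code: the third class, "punctuation and other characters", is treated as any character that is neither alphabetic nor numeric.

```python
"""Check an administrative passphrase against the two recommendations above.

Added example: minimum length of 10 and at least two of three character
classes.  It is a policy check, not a password-strength estimator.
"""
from __future__ import annotations

MIN_LENGTH = 10          # "ten (10) characters or more"
MIN_CLASSES = 2          # "two of the following three character classes"


def character_classes(passphrase: str) -> set[str]:
    """Return the set of character classes present in the passphrase.

    Assumption: anything that is neither alphabetic nor numeric counts as
    the third class ("punctuation and other characters"), so spaces and
    symbols outside the ASCII list in the guideline are included.
    """
    classes: set[str] = set()
    for ch in passphrase:
        if ch.isalpha():
            classes.add("alphabetic")
        elif ch.isdigit():
            classes.add("numeric")
        else:
            classes.add("other")
    return classes


def check_admin_passphrase(passphrase: str) -> tuple[bool, list[str]]:
    """Return (accepted, problems) for a candidate administrative passphrase.

    `problems` lists every rule the passphrase fails, so a user who is told
    "no" also learns what to change.
    """
    problems: list[str] = []

    if len(passphrase) < MIN_LENGTH:
        problems.append(
            f"length {len(passphrase)} is below the minimum of {MIN_LENGTH}"
        )

    classes = character_classes(passphrase)
    if len(classes) < MIN_CLASSES:
        problems.append(
            f"only {len(classes)} character class(es) present "
            f"({', '.join(sorted(classes)) or 'none'}); "
            f"at least {MIN_CLASSES} of alphabetic/numeric/other are required"
        )

    return (not problems, problems)


if __name__ == "__main__":
    # Constructed sample candidates for illustration only; none are real
    # credentials.  Expected verdicts are noted beside each.
    samples = [
        "Tr0ub4dor&3",   # accepted: 11 chars, all three classes
        "summer2024",    # accepted: 10 chars, alphabetic + numeric
        "abcdefghij",    # rejected: long enough but only one class
        "Ab1!",          # rejected: three classes but too short
    ]
    for candidate in samples:
        ok, problems = check_admin_passphrase(candidate)
        verdict = "accepted" if ok else "rejected"
        print(f"{candidate!r}: {verdict}")
        for p in problems:
            print(f"    - {p}")
```

Because the function reports every failed rule rather than stopping at the first, it can sit behind a password-change form or a configuration-management check and give the administrator an actionable message. The thresholds are module constants so a site that adopts a stricter local standard than the guideline changes one line rather than the logic.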

Avoid High Risk Activities

To limit the use of administrative credentials in high risk activities, resource proprietors and resource custodians should:

  • Create separate non-administrative accounts to perform activities that do not require administrative privilege, such as reading email, using a web browser, or reading and editing general documents.  

  • Use administrative credentials only to perform application specific functions that require administrative privilege.

  • Log out of administrative accounts when they are not in use.
