I assume you’ve had your hands on at least one set of administrative credentials in your life. I’d also make the assumption that you’ve used that account as your everyday account. You know, the one we use to check mail, surf the web, update Facebook, download porn… you know, that kind of stuff.
That’s a bad idea.
Why, you might ask? Doing so opens you up to quite a lot of trouble.
Time to take a step back…. Let’s imagine for a moment that you’re just another user. What kind of access would you have on the network? Hopefully you’ve just said ‘as little as possible’ or ‘only what you need’ or similar. Well, why is that? Security. The idea of least access says that I can do only what I need to do to complete my job.
Whoa! But I’m the admin! I need access to everything!
This may be true, but probably not. Think about your average day. What do you really do? Occasionally you install some software, create user accounts, update systems… the list can go on. Now, let’s really think about that… How often do those tasks happen, and where do you perform them? Now that you’ve answered those questions, let’s move on.
Everyone on your network should have a user account. That is, a limited account with least access to the resources they need. For an administrator, this means you have an account with very limited ability to install software, run updates, make system changes and the like. Just like everyone else. This is the account you work with daily. You log in, surf the web, read the news, send email, check blogs, etc… all that work stuff.
BUT WAIT
You also create an account for yourself with administrative rights. This account is used whenever you need to perform an administrative task.
Having this separate account means that any time you want to do something that requires administrative access you MUST think “Do I really want to do this?” I bet you find yourself saying “no, not really” quite a lot after this. Separate accounts also give you a nice way of monitoring changes on your network. By having separate logins, you can see when administrative changes are made on your network, and who is making them.
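A sketch of that monitoring, as an added example that is not part of the original post. It assumes Linux hosts where administrative work goes through sudo, and a hypothetical naming convention in which the separate admin logins start with "adm-"; the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the syslog format sudo writes on Linux.
SAMPLE_LOG = """\
Mar  3 09:14:02 ws01 sudo:   adm-jsmith : TTY=pts/0 ; PWD=/home/adm-jsmith ; USER=root ; COMMAND=/usr/bin/apt-get upgrade
Mar  3 09:20:41 ws01 sshd[811]: Accepted publickey for jsmith from 10.0.0.5 port 50122 ssh2
Mar  3 11:02:17 ws01 sudo:   adm-jsmith : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/useradd bob
Mar  3 13:45:09 ws02 sudo:   mjones : TTY=pts/1 ; PWD=/home/mjones ; USER=root ; COMMAND=/usr/bin/dpkg -i tool.deb
Mar  3 14:03:55 ws02 sudo:   kbrown : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/kbrown ; USER=root ; COMMAND=/usr/bin/apt-get install vlc
"""

ADMIN_PREFIX = "adm-"  # assumed naming convention for the separate admin logins

SUDO_RE = re.compile(
    r"^(?P<when>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r"(?P<note>.*?)TTY=.*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$"
)

def audit(log_text):
    """Split sudo records into admin changes, everyday-account misuse, and refusals."""
    by_admin = defaultdict(list)   # who made which change, and when
    misuse, refused = [], []
    for line in log_text.splitlines():
        m = SUDO_RE.match(line)
        if not m:
            continue  # not a sudo command record
        event = (m["when"], m["host"], m["cmd"])
        if m["note"].strip():
            # sudo puts its refusal reason before TTY=, e.g. "user NOT in sudoers"
            refused.append((m["user"],) + event)
        elif m["user"].startswith(ADMIN_PREFIX):
            by_admin[m["user"]].append(event)
        else:
            # an everyday account that still holds admin rights
            misuse.append((m["user"],) + event)
    return dict(by_admin), misuse, refused

if __name__ == "__main__":
    changes, misuse, refused = audit(SAMPLE_LOG)
    for account, events in changes.items():
        for when, host, cmd in events:
            print(f"admin change  {when}  {host}  {account}: {cmd}")
    for user, when, host, cmd in misuse:
        print(f"EVERYDAY ACCOUNT WITH ADMIN RIGHTS  {when}  {host}  {user}: {cmd}")
    for user, when, host, cmd in refused:
        print(f"refused  {when}  {host}  {user}: {cmd}")
```

The misuse list is the one to act on: each entry is an everyday login that still has the rights the post says belong only on the separate admin account.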
I’m tired..