Secure Administration

Download ACSC Protect: Secure Administration (PDF), September 2015
First published 2014; updated September 2015

This document discusses the importance of secure administration and suggests one method of implementing a secure administration environment.


Privileged access allows administrators to perform their duties such as establishing and making changes to key servers, networking devices, user workstations and user accounts. Privileged access or credentials are often seen as the 'keys to the kingdom' as they allow the bearers to have access and control over many different assets within a network.

Privileged access is often a key goal of an adversary. An adversary can use privileged access to:

  1. Propagate malware to multiple workstations and servers
  2. Add new user accounts, including privileged accounts
  3. Bypass security controls for applications, databases and file servers
  4. Implement configuration changes to make future access easier.

Given the scale and complexity of enterprise networks, it is reasonable to assume that at least one standard user account and workstation within an organisation's Internet-connected network could be compromised by an adversary. As administrator accounts often have unrestricted access to critical resources, this document focuses on protecting sensitive accounts and resources from an adversary who has gained a presence on the network.

This document is designed to complement and expand upon the guidance contained within the Secure Administration chapter of the Australian Government Information Security Manual (ISM) produced by the Australian Signals Directorate (ASD).

Secure administration and the cloud

The primary intent of this document is to secure the administration of traditional corporate network assets, such as domain controllers and application servers, as well as the infrastructure used for the administration of these assets.

Administration of cloud-based infrastructure, systems and applications brings different challenges and may require a different approach. As such, some security controls within this document may not be directly applicable to the administration of cloud assets, and may require assessment and adjustment before being applied to infrastructure used for cloud administration.

Throughout the document, the security controls include guidance on applying each recommendation within a cloud environment.

For guidance on how to use cloud services securely, consult ASD’s Cloud Computing Security for Tenants.

Contact details

Organisations or individuals with questions regarding this advice can contact the ACSC by emailing or calling 1300 CYBER1 (1300 292 371).