What is a Privileged Access Workstation (PAW)?
Question: What is a Privileged Access Workstation? And how does a PAW work?
Tal Zamir, co-founder and CEO, Hysolate — Workstations used by privileged users can easily become an attacker’s shortcut into the heart of the enterprise. One best practice for protecting privileged user devices is providing each such user a dedicated operating system that is exclusively used for privileged access — a concept known as Privileged Access Workstations (PAW).
This dedicated OS mustn’t be used for web browsing, email, and other risky apps, and should have strict app whitelisting. It shouldn’t connect to risky external WiFi networks or to external USB devices. Privileged servers must not accept connections from a non-privileged OS.
You must also keep the user’s experience in mind. To avoid forcing users to use two separate laptops, consider leveraging virtualization technologies (e.g. VirtualBox/Hyper-V) that allow a single laptop to run two isolated operating systems side-by-side, one for productivity and one for privileged access. Also consider solutions dedicated to the concept of PAW.
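One way to check the rule that privileged servers only accept connections from the privileged OS is to audit logon records against a PAW inventory. This is an added example, not part of the original answer; the address range, host names, account names and log format are constructed assumptions.

```python
import csv
import io
import ipaddress

# Constructed inventory (assumptions, not from the article).
PAW_NETS = [ipaddress.ip_network("10.50.0.0/28")]   # addresses assigned to PAW OS instances
PRIVILEGED_SERVERS = {"dc01", "vault01"}
PRIVILEGED_ACCOUNTS = {"adm-alice", "adm-bob"}

# Constructed sample records: timestamp,account,source_ip,target_host
SAMPLE_LOG = """\
2024-05-01T09:00:00Z,adm-alice,10.50.0.4,dc01
2024-05-01T09:05:00Z,adm-alice,10.20.3.17,dc01
2024-05-01T09:10:00Z,alice,10.20.3.17,files01
2024-05-01T09:20:00Z,bob,10.50.0.9,dc01
2024-05-01T09:30:00Z,adm-bob,not-an-ip,vault01
"""

def from_paw(source):
    """True only if the source parses as an address inside a PAW range."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return False  # unparseable source is treated as non-PAW (fail closed)
    return any(addr in net for net in PAW_NETS)

def audit(log_text):
    """Return (timestamp, rule, account, source, target) for each violation."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed rows
        ts, account, source, target = row
        paw = from_paw(source)
        if target in PRIVILEGED_SERVERS and not paw:
            # Privileged server reached from a non-privileged OS.
            findings.append((ts, "privileged-server-from-non-paw", account, source, target))
        elif paw and account not in PRIVILEGED_ACCOUNTS:
            # PAW used for something other than privileged access.
            findings.append((ts, "non-privileged-account-on-paw", account, source, target))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```
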
Article source: https://www.darkreading.com/edge/theedge/what-is-a-privileged-access-workstation-(paw)/b/d-id/1336944?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple