Privileged Access Workstations (PAWs)

🔒 Secure Bits 💡
Why should you use Privileged Access Workstations (PAWs)?

Accessing your infrastructure through a basic user device leaves your privileged account credentials in the device’s memory and makes you susceptible to keyloggers (software or hardware) that can capture these credentials.

To mitigate this risk, implement PAWs in your environment and manage your infrastructure only from these secure points. You should have one PAW per existing Tier (as discussed in our last post on the Tiering Model). While it might seem complicated and expensive, you can use virtualization to your advantage. Ensure the host is a protected hardware machine without internet access and with security baselines in place. Never host your PAW VMs on a user’s workstation, as the host can always compromise the VMs.
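To check that the rule "manage each Tier only from its own PAW" is actually being followed, you can review privileged logons against the PAW assigned to each Tier. The PowerShell below is an added example, not part of the original post. The tier names, account names, host names and the shape of the logon records are all assumptions constructed for illustration.

```powershell
# Assumed policy (hypothetical names): one PAW per tier and that tier's admin accounts.
$TierPolicy = @{
    'Tier0' = @{ Paw = 'PAW-T0'; Admins = @('t0-alice') }
    'Tier1' = @{ Paw = 'PAW-T1'; Admins = @('t1-bob') }
    'Tier2' = @{ Paw = 'PAW-T2'; Admins = @('t2-carol') }
}

# Constructed sample logon records: who logged on, from which device, to which system.
$Logons = @(
    [pscustomobject]@{ Time = '2024-05-01 08:00'; User = 't0-alice'; Source = 'PAW-T0';   Target = 'DC01' }
    [pscustomobject]@{ Time = '2024-05-01 09:12'; User = 't0-alice'; Source = 'WKS-0142'; Target = 'DC01' }
    [pscustomobject]@{ Time = '2024-05-01 09:30'; User = 't1-bob';   Source = 'PAW-T1';   Target = 'SRV-APP01' }
    [pscustomobject]@{ Time = '2024-05-01 10:05'; User = 't1-bob';   Source = 'PAW-T0';   Target = 'SRV-APP01' }
    [pscustomobject]@{ Time = '2024-05-01 10:20'; User = 'jdoe';     Source = 'WKS-0142'; Target = 'FILE01' }
)

function Get-PawViolation {
    param(
        [Parameter(Mandatory)] [hashtable] $Policy,
        [Parameter(Mandatory)] [object[]]  $Records
    )
    # Build an account -> tier lookup (hashtable literal keys compare case-insensitively).
    $tierOf = @{}
    foreach ($tier in $Policy.Keys) {
        foreach ($admin in $Policy[$tier].Admins) { $tierOf[$admin] = $tier }
    }
    foreach ($r in $Records) {
        $tier = $tierOf[$r.User]
        if (-not $tier) { continue }          # not a privileged account, out of scope
        $expected = $Policy[$tier].Paw
        if ($r.Source -ne $expected) {        # -ne is case-insensitive for strings
            # Privileged logon from a user workstation or from another tier's PAW.
            [pscustomobject]@{
                Time = $r.Time; User = $r.User; Tier = $tier
                Source = $r.Source; ExpectedPaw = $expected; Target = $r.Target
            }
        }
    }
}

Get-PawViolation -Policy $TierPolicy -Records $Logons | Format-Table -AutoSize
```

The check treats a logon from another Tier's PAW the same as a logon from a user workstation, since both break the one-PAW-per-Tier separation.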

If you want to learn more about PAWs, I’m excited to announce that my Windows Infrastructure Security course will be available soon. It will cover this topic in detail.