Knowing who owns credentials, how those credentials are granted, and how they are used is the foundation of any secure environment. It starts with user accounts and the credentials they use. Maintaining a complete inventory of all accounts, service accounts included, and verifying that any changes made to these accounts are authorized and intentional rather than unintentional is paramount in establishing a secure environment.
Establishing and maintaining visibility across all accounts can protect assets in several ways. If an adversary attacks through a vector we have no visibility into, such as a new zero-day vulnerability or a successful phishing attack, the adversary can first attempt to establish persistence, and one of the most common ways to maintain that persistence is by adding or modifying an account. If we manage accounts well, we may be able to detect an attack before the adversary establishes that persistence, even if the initial vector of the attack was not the account itself (as it would be in a brute-force attack).
Account management also includes password requirements, lockouts after failed login attempts, logging out after a period of inactivity, and never using default passwords or sharing accounts. Privileged accounts should only be used for tasks that require them.
Key takeaways for Control 5
- Policy. Have a policy in place that specifies all the settings for creating an account, including password strength, etc.
- Have an inventory and track changes. Establish an inventory and use Active Directory or other technologies and tools to centralize account management. Track all changes to accounts.
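The change tracking described above can be sketched as a comparison between the approved inventory and a fresh export of accounts. This is an added example, not taken from the original page; the field names, the privileged group names and the sample records are assumptions constructed for illustration.

```python
# Added example: compare an approved account inventory with a current snapshot.
# Field names, group names and sample records are constructed for illustration.
PRIVILEGED_GROUPS = {"Domain Admins", "sudo"}  # assumption: adjust to your environment

BASELINE = {  # approved inventory (constructed sample)
    "alice": {"owner": "Alice Ng", "type": "user", "enabled": True, "groups": ["Staff"]},
    "svc-backup": {"owner": "IT Ops", "type": "service", "enabled": True, "groups": ["Backup Operators"]},
    "bob": {"owner": "Bob Ruiz", "type": "user", "enabled": False, "groups": ["Staff"]},
}

CURRENT = {  # snapshot exported from the directory (constructed sample)
    "alice": {"owner": "Alice Ng", "type": "user", "enabled": True, "groups": ["Staff", "Domain Admins"]},
    "svc-backup": {"owner": "IT Ops", "type": "service", "enabled": True, "groups": ["Backup Operators"]},
    "bob": {"owner": "Bob Ruiz", "type": "user", "enabled": True, "groups": ["Staff"]},
    "helpdesk2": {"owner": "", "type": "user", "enabled": True, "groups": ["Staff"]},
}


def diff_inventory(baseline, current):
    """Return (account, finding) tuples, ordered by account name, for changes needing review."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if new is None:
            findings.append((name, "account removed since baseline"))
            continue
        if old is None:
            findings.append((name, "new account not in inventory"))
            if not new.get("owner"):
                findings.append((name, "no owner recorded"))
            # Compare a new account against an empty record so privileged groups still flag.
            old = {"groups": [], "enabled": new["enabled"], "owner": new.get("owner")}
        added = set(new["groups"]) - set(old["groups"])
        for group in sorted(added & PRIVILEGED_GROUPS):
            findings.append((name, f"added to privileged group {group}"))
        if new["enabled"] and not old["enabled"]:
            findings.append((name, "disabled account re-enabled"))
        if new.get("owner") != old.get("owner"):
            findings.append((name, "owner changed"))
    return findings


if __name__ == "__main__":
    for account, finding in diff_inventory(BASELINE, CURRENT):
        print(f"{account}: {finding}")
```

Each finding is a change to reconcile against an authorized request; anything without one is a candidate for investigation.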
Safeguards for Control 5
5.1) Establish and maintain an inventory of accounts
Description: Establish and maintain an inventory of all accounts managed in the business. Inventory …