Question

Discuss why protecting privileged administration and default accounts is a critical security control. 2. Research and identify websites that list the default passwords for common privileged accounts (e.g., Cisco router enable password, Microsoft SQL Server SA, Red Hat Linux root, etc.)

Answer 1

Before discussing why privileged accounts are protected we first think about what is privilege accounts. By definition, Privileged accounts are the most powerful users in any organization. These accounts include shared accounts and superuser accounts. the security of [rivilaged accounts are focused because mismanaged privileges pose devastating risks to organizations, including financial losses, reputational damage, regulatory penalties and customer loss. To reduce the risk around shared and privileged accounts, first and foremost there’s a need for accountability.
The main type of privileged accounts usually found in an enterprise or a company are listed below
Local Administrative Accounts
Privileged User Accounts
Active Directory or Domain Service Accounts
Application Accounts
Domain Administrative Accounts
Emergency Accounts
Service Accounts

after that, the question arises why protecting privileged administration and default accounts is a critical security control?

  
Your privileged accounts, such as your Windows Administrator accounts, are required for your platforms to function properly. Therefore, gaining control of these accounts is at the top of the hacker's list, and equally important, the top of your auditor's findings list, and is an essential component of compliance mandates associated with Sarbanes-Oxley, the Payment Card Industry Data Security Standard (PCI DSS), NERC, and HIPAA. Also, many of your business partners are likely to ask for a review of controls associated with your privileged accounts as part of their Statement on Auditing Standards (SAS) 70 reviews.
access to most of these accounts gives the administrator what I refer to as “SuperUser” status. For Windows, the Super Administrator account is different from your current Administrator account, as it gives your administrator much more power to change things in the Operating system. Windows don’t call this a special account, but it sure gives you some extra privileges over the normal administrator account. Some of the privileges include but aren’t limited to full administrator rights and override UAC (User Access Control), to do some over-the-top troubleshooting.

The main key of security is called as privileged access control and id discussed as Privileged accounts are often targeted by an adversary due to their access across the breadth of an organisation’s
network and systems. Restricting the use of built-in administrator groups and accounts and delegating privileged
permissions by the principles of least privilege is an effective way to reduce the impact and spread of
an adversary’s access during a cyber intrusion.
Techniques for the security of privileged accounts are

1. Ensure that unique identifiable accounts are linked to individual users and they are authenticated every time
privileged access is granted on a system. This will ensure accountability and attribution of all actions.
2. Restrict access for privileged accounts by issuing administrators a standard user account in addition to separate
privileged and unprivileged administrator accounts for administrative purposes. Separate user and administrator

The common privileged accounts hacks are

Shared accounts – Looking to cut corners and make things simpler, IT admins often re-use the same password across multiple systems and among multiple administrators.
Social exploits – A seemingly innocuous email might be the finely crafted work of a dangerous hacker.
Brute force – This old school model of hacking involves tools commonly available on the Internet (like “rainbow tables”) that let hackers break weak passwords and gain access to the network.
Default passwords – Many hardware devices and applications come pre-configured with default passwords that are publicly known. If these default passwords aren’t changed, they’re an easy access point for a hacker.