Question: 1. Discuss why protecting privileged administration and default accounts is a critical security control. 2. Research and identify websites that list the default passwords for common privileged accounts (e.g., Cisco router enable password, Microsoft SQL Server SA, Red Hat Linux root, etc.)
Before discussing why privileged accounts are protected, we first
think about what privileged accounts are. By definition, privileged
accounts are the most powerful accounts in any organization. These
accounts include shared accounts and superuser accounts. The
security of privileged accounts gets this focus because mismanaged
privileges pose devastating risks to organizations, including
financial losses, reputational damage, regulatory penalties and
customer loss. To reduce the risk around shared and privileged
accounts, first and foremost there is a need for
accountability.
The main types of privileged accounts usually found in an enterprise
or a company are listed below:
Local Administrative Accounts
Privileged User Accounts
Active Directory or Domain Service Accounts
Application Accounts
Domain Administrative Accounts
Emergency Accounts
Service Accounts
After that, the question arises: why is protecting privileged
administration and default accounts a critical security
control?
Your privileged accounts, such as your Windows Administrator
accounts, are required for your platforms to function properly.
Therefore, gaining control of these accounts is at the top of the
hacker's list, and equally important, the top of your auditor's
findings list, and is an essential component of compliance mandates
associated with Sarbanes-Oxley, the Payment Card Industry Data
Security Standard (PCI DSS), NERC, and HIPAA. Also, many of your
business partners are likely to ask for a review of controls
associated with your privileged accounts as part of their Statement
on Auditing Standards (SAS) 70 reviews.
Access to most of these accounts gives the administrator what I
refer to as "SuperUser" status. For Windows, the super
administrator account is different from your current Administrator
account, as it gives your administrator much more power to change
things in the operating system. Windows doesn't call this a special
account, but it does give you some extra privileges over the
normal administrator account. These privileges include, but
are not limited to, full administrator rights and the ability to override UAC (User
Account Control) for some over-the-top troubleshooting.
The key security control here is privileged access control.
Privileged accounts are often targeted by an
adversary due to their access across the breadth of an
organisation's
network and systems. Restricting the use of built-in administrator
groups and accounts and delegating privileged
permissions according to the principle of least privilege is an effective
way to reduce the impact and spread of
an adversary's access during a cyber intrusion.
Techniques for securing privileged accounts are:
1. Ensure that uniquely identifiable accounts are linked to
individual users and that they are authenticated every time
privileged access is granted on a system. This ensures
accountability and attribution of all actions.
2. Restrict access to privileged accounts by issuing
administrators a standard user account in addition to
separate
privileged and unprivileged administrator accounts for
administrative purposes. Separate user and administrator
The common privileged account hacks are:
Shared accounts – Looking to cut corners and make things
simpler, IT admins often re-use the same password across multiple
systems and among multiple administrators.
Social exploits – A seemingly innocuous email might be the finely
crafted work of a dangerous hacker.
Brute force – This old-school model of hacking involves tools
commonly available on the Internet (like "rainbow tables") that let
hackers break weak passwords and gain access to the network.
Default passwords – Many hardware devices and applications come
pre-configured with default passwords that are publicly known. If
these default passwords aren't changed, they're an easy access
point for a hacker.
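The techniques list and the list of common hacks above describe four checks an auditor would run over a privileged-account inventory: every privileged account is attributed to a person, each admin also holds a separate standard user account, no credential is shared across accounts or systems, and no default password is left in place. The following script is an added example (not part of the original answer) that applies those checks to a constructed inventory; the record format and the `cred_fingerprint` field (assumed to be a salted hash of the stored credential, so equal values mean the same password) are hypothetical, not any real PAM product's schema.

```python
from collections import defaultdict

# Constructed sample inventory for illustration only. "role" is one of
# "user", "admin", "builtin_admin" or "app"; "owner" is the person the
# account is attributed to (None = shared/unattributed).
INVENTORY = [
    {"system": "dc01",  "account": "Administrator", "owner": None,     "role": "builtin_admin", "cred_fingerprint": "f1", "default_cred": False},
    {"system": "sql01", "account": "sa",            "owner": None,     "role": "app",           "cred_fingerprint": "d0", "default_cred": True},
    {"system": "rtr01", "account": "enable",        "owner": None,     "role": "builtin_admin", "cred_fingerprint": "f1", "default_cred": False},
    {"system": "ws07",  "account": "jdoe",          "owner": "jdoe",   "role": "user",          "cred_fingerprint": "a3", "default_cred": False},
    {"system": "dc01",  "account": "jdoe-adm",      "owner": "jdoe",   "role": "admin",         "cred_fingerprint": "a3", "default_cred": False},
    {"system": "dc01",  "account": "asmith",        "owner": "asmith", "role": "admin",         "cred_fingerprint": "b7", "default_cred": False},
]


def audit(inventory):
    """Return sorted (finding_type, subject) pairs for policy violations."""
    findings = []
    by_fingerprint = defaultdict(list)   # credential hash -> accounts using it
    roles_by_owner = defaultdict(set)    # person -> roles of their accounts
    for acct in inventory:
        key = f"{acct['system']}/{acct['account']}"
        # Control 1: every privileged account must map to an individual.
        if acct["role"] != "user" and not acct["owner"]:
            findings.append(("unattributed_privileged", key))
        # Hack 4: vendor default password still in place.
        if acct["default_cred"]:
            findings.append(("default_password", key))
        by_fingerprint[acct["cred_fingerprint"]].append(key)
        if acct["owner"]:
            roles_by_owner[acct["owner"]].add(acct["role"])
    # Hack 1: the same credential on more than one account/system is shared.
    for keys in by_fingerprint.values():
        if len(keys) > 1:
            findings.extend(("shared_credential", k) for k in keys)
    # Control 2: an admin with no separate standard user account.
    for owner, roles in roles_by_owner.items():
        if "admin" in roles and "user" not in roles:
            findings.append(("no_separate_user_account", owner))
    return sorted(findings)


if __name__ == "__main__":
    for finding_type, subject in audit(INVENTORY):
        print(f"{finding_type:28s} {subject}")
```

Feeding the script a real export would require mapping the export's fields onto this constructed record shape; the checks themselves do not change.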