Do you remember the last time you had to reset the password for an admin user? Or the time you last updated the network share permissions for an intern? While these seem like mundane tasks, a simple misconfiguration during either of these processes could result in a security breach.
Regardless of the company’s size, IT is structured to work with different types of accounts. Every account, whether it’s a privileged user account or an external consultant account, has a pre-written job function that defines the account’s level of access. The job function also determines other characteristics, such as how long the account stays active (its life span) and whether the user’s position or role shifts. These characteristics, in turn, determine how the user’s access permissions are modified.
Administrators, help desk technicians, and security professionals deal with various types of accounts every day. They create them, modify them, and supervise them throughout their time in an organization.
Why are these accounts important to consider?
Accounts dictate access to the resources in a network. From the most trivial access, like a logon to a kiosk machine, to highly privileged access to a confidential folder that holds domain configuration details, account settings directly impact security. As a matter of fact, the major reason behind some of the most devastating security breaches is poorly managed or exposed accounts.
Hard to believe? The recent EKANS ransomware attacks on Honda and Enel Group were due to the exposed Remote Desktop Protocol (RDP) credentials of users. The recent breach of social media giant Twitter, which led to the compromise of accounts belonging to many business leaders, elected officials, and celebrities, was the result of tricking a group of internal users and gaining access to Twitter’s administrative panel.
Organizations often spend excess time and money establishing advanced security controls to detect sophisticated attacks but tend to pay little attention to the fundamentals of security. If the various accounts used in everyday IT activities are not configured and secured well, they can act as a gateway for malicious entry.
The attack techniques used in many sophisticated breaches aren’t always direct; instead, they take advantage of configuration mishaps and platform vulnerabilities that enable attackers to reach their goal. And since these attacks depend on flaws within the system, they can easily be disguised as legitimate system processes.
Considering that administrators are typically overloaded with tasks, it’s impractical and unfair to expect them to manually monitor every account activity granularly. This e-book is a collected list of things to do and not to do with various types of commonly used accounts.
These are tips handpicked after listening to the most common problems voiced by various admins around the world. Following the guidelines mentioned in the e-book to the last detail will help protect your accounts from misuse and help you to safeguard your business from data breaches and insider attacks.