CIS Control 5: Account Management

4 years ago John Wenning

Knowing who has credentials, how those credentials are granted, and how they are being used is the foundation of any secure environment. It begins with user accounts and the credentials they use. Maintaining a thorough inventory of all accounts, and verifying that every change to those accounts was authorized and intentional rather than unexpected, is paramount to establishing a secure environment. This includes service accounts.

Establishing and maintaining visibility into all accounts protects assets in multiple ways. If an adversary gets in through a vector we have no visibility into, such as a new zero-day vulnerability or a successful phishing attack, their first move is usually to establish persistence, and one of the most common ways to do that is to add an account or modify an existing one. With good account management we can detect the intrusion at that point, even when the initial vector was not an attack on an account itself (as it would be in a brute-force attack).
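As an added illustration (not part of the original post), the following Python snippet shows what detecting that kind of persistence looks like when it is run over account-change records exported from the Windows Security log. The event IDs are the real Windows ones; the approved-provisioner list, the privileged-group list, the inventory set and the sample events are constructed assumptions for the example.

```python
"""Flag account changes that look like an adversary establishing persistence.

Added example: reads account-change events (in the shape a SIEM would export
them from the Windows Security log) and raises an alert when the change was
not made by an approved provisioning identity, created an account the
inventory does not know about, or added a member to a privileged group.
"""

# Real Windows Security event IDs for account lifecycle changes.
ACCOUNT_CREATED = 4720        # A user account was created
ACCOUNT_ENABLED = 4722        # A user account was enabled
ACCOUNT_CHANGED = 4738        # A user account was changed
ADDED_TO_GLOBAL_GROUP = 4728  # A member was added to a security-enabled global group
ADDED_TO_LOCAL_GROUP = 4732   # A member was added to a security-enabled local group

# Assumed policy for this example (hypothetical names): only these identities may
# create, enable or modify accounts, and these groups count as privileged.
APPROVED_PROVISIONERS = {"svc-idm-provision", "jdoe-admin"}
PRIVILEGED_GROUPS = {"Administrators", "Domain Admins", "Enterprise Admins"}

# Assumed authorized account inventory (lower-cased usernames), see safeguard 5.1.
AUTHORIZED_INVENTORY = {"alice", "bob", "guest", "jdoe-admin", "svc-idm-provision"}

# Constructed sample events: subject = who made the change, target = the account changed.
SAMPLE_EVENTS = [
    {"time": "2021-06-01T09:12:00", "id": 4720, "subject": "svc-idm-provision", "target": "alice"},
    {"time": "2021-06-01T09:12:05", "id": 4728, "subject": "svc-idm-provision", "target": "alice", "group": "Sales"},
    {"time": "2021-06-02T02:41:17", "id": 4720, "subject": "bob", "target": "support$"},
    {"time": "2021-06-02T02:41:20", "id": 4732, "subject": "bob", "target": "support$", "group": "Administrators"},
    {"time": "2021-06-03T14:00:00", "id": 4738, "subject": "jdoe-admin", "target": "alice"},
    {"time": "2021-06-04T23:10:00", "id": 4722, "subject": "bob", "target": "guest"},
]


def detect_persistence(events, inventory=AUTHORIZED_INVENTORY,
                       approved=APPROVED_PROVISIONERS, privileged=PRIVILEGED_GROUPS):
    """Return a list of (time, rule, subject, detail) alerts, in event order.

    Rules:
      unapproved-actor      4720/4722/4738 performed by someone outside `approved`
      not-in-inventory      4720 whose new account is absent from `inventory`
      privileged-group-add  4728/4732 adding any member to a group in `privileged`
    """
    alerts = []
    for ev in events:
        eid, subject, target = ev["id"], ev["subject"], ev["target"]
        if eid in (ACCOUNT_CREATED, ACCOUNT_ENABLED, ACCOUNT_CHANGED) and subject not in approved:
            alerts.append((ev["time"], "unapproved-actor", subject, target))
        if eid == ACCOUNT_CREATED and target.lower() not in inventory:
            alerts.append((ev["time"], "not-in-inventory", subject, target))
        if eid in (ADDED_TO_GLOBAL_GROUP, ADDED_TO_LOCAL_GROUP) and ev.get("group") in privileged:
            alerts.append((ev["time"], "privileged-group-add", subject, f"{target} -> {ev['group']}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_persistence(SAMPLE_EVENTS):
        print(*alert)
```

On the sample data the legitimate provisioning of "alice" produces nothing, while the creation of "support$" by "bob" at 02:41 fires twice (unapproved actor, not in inventory), its addition to Administrators fires once more, and re-enabling "guest" fires again. The point is that every one of those alerts depends on having the inventory and the approved-actor list from safeguard 5.1 to compare against; without them the events are just noise.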

Account management also covers password requirements, lockouts after repeated failed login attempts, logging out after a period of inactivity, and never using default passwords or sharing accounts. Privileged accounts should only be used for the tasks that require them.

Key Takeaways for Control 5

  • Policy. Have a policy in place that specifies all the parameters for creating an account, including password strength and so on.
  • Have an inventory and track changes. Establish an inventory and use Active Directory or another directory or identity technology to centralize management of accounts. Track every change to those accounts.

Safeguards for Control 5

5.1) Establish and Maintain an Inventory of Accounts

Description: Establish and maintain an inventory of all accounts managed in the enterprise. The inventory must include both user and administrator accounts. The inventory, at a minimum, should contain the person’s name, username, start/stop dates, and department. Validate that all active accounts are authorized, on a recurring schedule at a minimum quarterly, or more frequently.

Notes: Every account should be a known, valid account. New accounts and changes to existing accounts should be tracked and verified as legitimate. Service accounts also need to be scrutinized to ensure they are only being used as intended. The unauthorized creation or modification of an account is often the first thing an adversary does in order to maintain persistence.

5.2) Use Unique Passwords

Description: Use unique passwords for all enterprise assets. Best practice implementation includes, at a minimum, an 8-character password for accounts using multi-factor authentication (MFA) and a 14-character password for accounts not using MFA.

Notes: This isn’t just for the enterprise. If you reuse passwords and one site suffers a data breach, attackers can try that password against your other accounts. Always choose unique passwords, and always change default passwords.

5.3) Disable Dormant Accounts

Description: Delete or disable any dormant accounts after a period of 45 days of inactivity, where supported.

Notes: A future data breach could spell real trouble if old accounts have not been disabled. Disabling can also be automated by setting an expiration date on the account when the system supports it.

5.4) Restrict Administrator Privileges to Dedicated Administrator Accounts

Description: Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user’s primary, non-privileged account.

Notes: Administrator and root accounts should only be used for the tasks that require them. Email, web browsing and similar everyday work should always be done from a non-privileged account.

5.5) Establish and Maintain an Inventory of Service Accounts

Description: Establish and maintain an inventory of service accounts. The inventory, at a minimum, must contain department owner, review date, and purpose. Perform service account reviews to validate that all active accounts are authorized on a recurring schedule at a minimum quarterly, or more frequently.

Notes: Tracking what is happening with accounts includes service accounts, not just user accounts. A service account with no recorded owner or purpose cannot be meaningfully reviewed.
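The recurring reviews called for in 5.1, 5.3 and 5.5 all reduce to reconciling a directory export against the inventory. The following Python example does that review in one pass; it is added here and is not code from the original post or from CIS. The inventory entries, the directory export, the review date and the account names are constructed for the example, while the 45-day dormancy and 90-day (quarterly) review thresholds come from the safeguards above.

```python
"""Quarterly account review: reconcile a directory export against the inventory.

Added example. Findings produced:
  not_in_inventory        directory object with no inventory entry (5.1)
  past_stop_date          user still enabled after the inventory stop date (5.1)
  dormant                 enabled account with no logon for > 45 days (5.3)
  never_logged_on         enabled account with no logon timestamp at all (5.3, "where supported")
  service_review_overdue  service account whose last review is > 90 days old (5.5)
  missing_from_directory  inventory entry with no directory object (stale inventory)
"""
from datetime import date, timedelta

DORMANT_AFTER = timedelta(days=45)     # safeguard 5.3
REVIEW_INTERVAL = timedelta(days=90)   # "at a minimum quarterly" (5.1 / 5.5)
REVIEW_DATE = date(2021, 6, 7)         # assumed date on which this review runs

# Constructed authorized inventory. User entries carry the 5.1 fields (name,
# username, start/stop dates, department); service entries carry the 5.5 fields
# (department owner, review date, purpose).
INVENTORY = {
    "alice":      {"kind": "user", "name": "Alice Example", "department": "Sales",
                   "start": date(2020, 1, 6), "stop": None},
    "bob":        {"kind": "user", "name": "Bob Example", "department": "Finance",
                   "start": date(2019, 3, 1), "stop": date(2021, 4, 30)},
    "svc-backup": {"kind": "service", "owner": "Infrastructure",
                   "purpose": "nightly backup job", "review_date": date(2021, 1, 15)},
    "svc-scan":   {"kind": "service", "owner": "Security",
                   "purpose": "vulnerability scanner", "review_date": date(2021, 5, 20)},
}

# Constructed directory export (what an LDAP or Get-ADUser dump would give):
# username, enabled flag, last logon date (None = the directory has no timestamp).
DIRECTORY = [
    {"username": "alice",      "enabled": True,  "last_logon": date(2021, 6, 1)},
    {"username": "bob",        "enabled": True,  "last_logon": date(2021, 3, 28)},
    {"username": "svc-backup", "enabled": True,  "last_logon": date(2021, 6, 2)},
    {"username": "svc-scan",   "enabled": True,  "last_logon": None},
    {"username": "helpdesk2",  "enabled": True,  "last_logon": date(2021, 5, 30)},
    {"username": "carol",      "enabled": False, "last_logon": date(2020, 11, 2)},
]


def review_accounts(inventory, directory, today):
    """Return a dict mapping each finding type to a sorted list of usernames."""
    findings = {"not_in_inventory": [], "past_stop_date": [], "dormant": [],
                "never_logged_on": [], "service_review_overdue": []}
    seen = set()
    for acct in directory:
        name = acct["username"]
        seen.add(name)
        entry = inventory.get(name)
        if entry is None:
            # Unknown to the inventory, enabled or not: somebody must claim or remove it.
            findings["not_in_inventory"].append(name)
            continue
        if not acct["enabled"]:
            continue  # already disabled; nothing further to do this cycle
        if entry["kind"] == "user" and entry["stop"] and entry["stop"] < today:
            findings["past_stop_date"].append(name)
        if acct["last_logon"] is None:
            # No timestamp to measure dormancy against; report separately rather than guess.
            findings["never_logged_on"].append(name)
        elif today - acct["last_logon"] > DORMANT_AFTER:
            findings["dormant"].append(name)
        if entry["kind"] == "service" and today - entry["review_date"] > REVIEW_INTERVAL:
            findings["service_review_overdue"].append(name)
    findings["missing_from_directory"] = list(set(inventory) - seen)
    return {kind: sorted(names) for kind, names in findings.items()}


if __name__ == "__main__":
    for kind, names in review_accounts(INVENTORY, DIRECTORY, REVIEW_DATE).items():
        print(f"{kind}: {', '.join(names) or '-'}")
```

On the constructed data the review flags "helpdesk2" and "carol" as unknown to the inventory, "bob" both as past his stop date and as dormant (71 days without a logon), "svc-scan" as having no logon timestamp to judge, and "svc-backup" as overdue for its quarterly review. In practice the `dormant` and `past_stop_date` lists feed the disable step (for Active Directory, `Disable-ADAccount`), and `not_in_inventory` goes to whoever investigates unauthorized accounts, since it is the same signal the persistence detection above keys on.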

5.6) Centralize Account Management

Description: Centralize account management through a directory or identity service.

Notes: This means using Active Directory and domains, or another centralized directory or identity service, for account management rather than managing local accounts host by host.

See how simple and effective security controls can create a framework that helps you protect your organization and data from known cyber-attack vectors by downloading this guide here.

Read more about the 18 CIS Controls here:

CIS Control 1: Inventory and Control of Enterprise Assets

CIS Control 2: Inventory and Control of Software Assets

CIS Control 3: Data Protection

CIS Control 4: Secure Configuration of Enterprise Assets and Software

CIS Control 5: Account Management

The post "CIS Control 5: Account Management" appeared first on TripWire.

Source: TripWire – John Wenning
