COI Report – Part VII, Page 307 of 425

40.5.1 Establish clear policies in relation to the use and management of server local administrator accounts

895. Server local administrator accounts are a security problem because one set of login credentials is typically used by many IT administrators. This can make it difficult or even impossible to implement an identity-based access management policy, because the specific person gaining access to a server cannot be tracked at any given time.
896. The password for the LA. account was compromised, with the same account and the same password being used across all Citrix servers. Such local privileged accounts must not be configured with the same credentials across systems. The use of the same local admin password on every server helped the attacker to move laterally within the network. One server ‘taken-over’ meant that all of them were owned by the attacker. Since the local administrator account can control everything that can be performed on a server, if the single password is compromised on any server, all systems are susceptible to compromise.
897. We note that HITSPS makes no express reference to account management or password policies specific to the management of local administrator accounts (e.g. there is no policy that the same password cannot be used for local administrator accounts across multiple servers).
898. Specific policies addressing server local administrator passwords must be formulated, with the necessary tools put in place to enforce and ensure compliance with these policies. Examples of such policies include:

a) Change Default Usernames and Passwords - change all default usernames and passwords for local admin accounts

These policies are drawn from the CIS Controls Version 7.