Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part VII
Page 311 of 425

(c) Privilege Management – It is a best practice to implement the principle of least privilege: provide service accounts with only the minimum privileges necessary. For example:

Restrict Interactive Logins – An interactive login is a process whereby the user gains access to the network by entering a username and password in response to a dialog box on the local console. Service accounts are not used by human users, and interactive login privileges are unnecessary.

Restrict Remote Access – Service accounts are typically used to log in to services or applications on the host server itself, and privileges allowing the service account to log in remotely to a server, from elsewhere in the network, are unnecessary.

(d) Disable Dormant or Inactive Accounts – Automatically disable dormant or inactive service accounts after a set period of inactivity.

(e) Log and Alert on Unsuccessful Service Account Login – Configure systems to issue a log entry and an alert on unsuccessful logins to a service account.

(f) Frequent Privilege Review – Automated checks should be carried out at fixed intervals to ensure that the privilege levels of service accounts have not been inadvertently or intentionally elevated beyond that which was granted.

(g) Monitor Attempts to Access Deactivated Accounts – Monitor attempts to access deactivated service accounts through audit logging.

(h) Alert on Account Login Behavior Deviation – Alert when service accounts deviate from normal login behavior, such as time-of-day, workstation location and duration.

(i) Not hardcoding or including administrator credentials in cleartext in scripts on servers – In addition to having carried out a scan to identify all scripts containing administrator credentials in text files stored in shared folders on servers, we note that IHiS plans to continue to conduct such scans periodically and to take disciplinary action against administrators who are found not to comply with security policies on the creation of such scripts.
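The monitoring controls in (e), (g) and (h) above reduce to a few rules over the logon audit trail. The following is an added example, not code from the COI report or from IHiS: it runs those rules over a constructed stream of Windows-style logon events (event IDs 4624, 4625 and 4634, with the documented 4625 sub-status code 0xC0000072 for a disabled account). The service-account names, the deactivated-account list and the per-account baselines (normal workstations, hours and session length) are assumptions made for the example.

```python
"""Service-account logon monitoring for items (e), (g) and (h)."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Windows Security log event IDs and 4625 sub-status codes (documented values).
EV_LOGON, EV_LOGON_FAILED, EV_LOGOFF = 4624, 4625, 4634
STATUS_ACCOUNT_DISABLED = 0xC0000072
STATUS_WRONG_PASSWORD = 0xC000006A

@dataclass(frozen=True)
class LogonEvent:
    event_id: int
    account: str
    workstation: str       # host the logon came from
    time: datetime
    status: int = 0        # 4625 sub-status; 0 for success / logoff
    logon_id: str = ""     # ties a 4624 to its 4634 for session duration

@dataclass(frozen=True)
class Baseline:
    workstations: frozenset   # hosts the account normally logs on from
    hours: range              # local hours in which logons are expected
    max_session: timedelta    # longest normal session

# Constructed inventory and baselines (assumptions for this example).
SERVICE_ACCOUNTS = {"svc_backup", "svc_sql", "svc_old_etl"}
DEACTIVATED = {"svc_old_etl"}
BASELINES = {
    "svc_backup": Baseline(frozenset({"BKP01"}), range(1, 5), timedelta(hours=2)),
    "svc_sql": Baseline(frozenset({"DB01", "DB02"}), range(0, 24), timedelta(hours=24)),
}

def analyse(events):
    """Return (rule, account, detail) alerts for a stream of logon events."""
    alerts = []
    open_sessions = {}   # logon_id -> (account, logon time)
    for ev in sorted(events, key=lambda e: e.time):
        if ev.account not in SERVICE_ACCOUNTS:
            continue   # human users are monitored by other rules
        if ev.event_id == EV_LOGON_FAILED:
            # (g): attempts against deactivated accounts get their own rule;
            # (e): every other failed service-account logon is alert-worthy.
            if ev.account in DEACTIVATED or ev.status == STATUS_ACCOUNT_DISABLED:
                alerts.append(("deactivated_account_attempt", ev.account, ev.workstation))
            else:
                alerts.append(("failed_service_logon", ev.account,
                               f"{ev.workstation} status=0x{ev.status:08X}"))
        elif ev.event_id == EV_LOGON:
            if ev.account in DEACTIVATED:
                # a deactivated account must never succeed; treat as critical
                alerts.append(("deactivated_account_logon", ev.account, ev.workstation))
                continue
            base = BASELINES.get(ev.account)
            if base is None:
                alerts.append(("no_baseline", ev.account, ev.workstation))
                continue
            # (h): deviation from the account's normal workstation and time of day
            if ev.workstation not in base.workstations:
                alerts.append(("unexpected_workstation", ev.account, ev.workstation))
            if ev.time.hour not in base.hours:
                alerts.append(("unexpected_time", ev.account, ev.time.isoformat()))
            open_sessions[ev.logon_id] = (ev.account, ev.time)
        elif ev.event_id == EV_LOGOFF:
            # (h): session duration beyond the baseline
            started = open_sessions.pop(ev.logon_id, None)
            if started is None:
                continue
            account, t0 = started
            base = BASELINES.get(account)
            if base is not None and ev.time - t0 > base.max_session:
                alerts.append(("unexpected_duration", account, str(ev.time - t0)))
    return alerts

# Constructed sample events (not real log data).
T = datetime(2018, 6, 27, 2, 0)
SAMPLE_EVENTS = [
    LogonEvent(EV_LOGON, "svc_backup", "BKP01", T, logon_id="0x1a"),
    LogonEvent(EV_LOGON, "alice", "WS-01", T, logon_id="0x4d"),            # human user: ignored
    LogonEvent(EV_LOGOFF, "svc_backup", "BKP01", T + timedelta(hours=1), logon_id="0x1a"),
    LogonEvent(EV_LOGON, "svc_sql", "WS-ADMIN7", T + timedelta(hours=12), logon_id="0x2b"),
    LogonEvent(EV_LOGON_FAILED, "svc_sql", "WS-ADMIN7", T + timedelta(hours=12, minutes=1),
               status=STATUS_WRONG_PASSWORD),
    LogonEvent(EV_LOGON_FAILED, "svc_old_etl", "WS-ADMIN7", T + timedelta(hours=12, minutes=2),
               status=STATUS_ACCOUNT_DISABLED),
    LogonEvent(EV_LOGON, "svc_backup", "BKP01", T + timedelta(hours=20), logon_id="0x3c"),
    LogonEvent(EV_LOGOFF, "svc_backup", "BKP01", T + timedelta(hours=23), logon_id="0x3c"),
]

if __name__ == "__main__":
    for rule, account, detail in analyse(SAMPLE_EVENTS):
        print(f"{rule:28} {account:12} {detail}")
```

The sample stream yields one alert per rule: a service account used from an administrator's workstation rather than its database hosts, a failed logon right after it, an attempt against the deactivated account, and a backup account logging on outside its window and staying on longer than its baseline. In production the baselines would be learned from history rather than hand-written, and the 4624/4634 pairing needs the logon ID from the event, as shown, since account name alone cannot pair concurrent sessions.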
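Item (i) refers to scanning scripts on shared folders for cleartext administrator credentials. The following added example, not the scan IHiS performed and not code from the report, shows the shape of such a scan: a set of patterns for the common ways credentials end up in Windows batch and PowerShell scripts, a filter for prompts and variable references that are not literals, and findings that record the length of the secret rather than the secret itself, so the scan output does not become a second copy of the credentials. The script contents, file names and the "admin" naming hint are constructed assumptions.

```python
"""Scan scripts for cleartext credentials (item (i))."""
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Finding:
    file: str
    line_no: int
    rule: str
    user: Optional[str]
    secret_len: int      # the secret itself is deliberately not recorded
    looks_admin: bool

# Patterns for common ways credentials end up in Windows scripts. Constructed
# for this example; a real scan should be extended with the site's own idioms.
CRED_PATTERNS = [
    ("net_use_password",
     re.compile(r"\bnet\s+use\b.*?/user:(?P<user>\S+)\s+(?P<secret>\S+)", re.I)),
    ("psexec_password",
     re.compile(r"\bpsexec\b.*?-u\s+(?P<user>\S+)\s+-p\s+(?P<secret>\S+)", re.I)),
    ("pscredential_plaintext",
     re.compile(r"PSCredential\(\s*['\"](?P<user>[^'\"]+)['\"].*?"
                r"ConvertTo-SecureString\s+['\"](?P<secret>[^'\"]+)['\"]\s+-AsPlainText", re.I)),
    ("securestring_plaintext",
     re.compile(r"ConvertTo-SecureString\s+['\"](?P<secret>[^'\"]+)['\"]\s+-AsPlainText", re.I)),
    ("connection_string",
     re.compile(r"\b(?:password|pwd)\s*=\s*(?P<secret>[^;\s'\"]+)", re.I)),
    ("quoted_assignment",
     re.compile(r"\b(?:pass(?:word)?|pwd)\s*=\s*['\"](?P<secret>[^'\"]+)['\"]", re.I)),
]
# Values that are prompts ("*" makes net use ask) or variable references, not literals.
PLACEHOLDER = re.compile(r"^(\*|%[^%]*%|\$\w+|\$\{[^}]*\}|<[^>]*>)$")
# Assumption: account names that suggest administrative privilege at this site.
ADMIN_HINT = re.compile(r"admin|root", re.I)

def scan_text(name, text):
    """Return Findings for one script's content."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in CRED_PATTERNS:
            m = pattern.search(line)
            if m is None:
                continue
            secret = m.group("secret")
            if PLACEHOLDER.match(secret):
                break
            user = m.groupdict().get("user")
            findings.append(Finding(name, line_no, rule, user, len(secret),
                                    bool(user and ADMIN_HINT.search(user))))
            break   # one finding per line; the first (most specific) rule wins
    return findings

def scan_all(scripts):
    """scripts: mapping of file name -> content, e.g. read from a share."""
    return [f for name, text in scripts.items() for f in scan_text(name, text)]

# Constructed sample scripts (not from any real server).
SAMPLE_SCRIPTS = {
    "backup.bat": (
        "@echo off\r\n"
        "net use Z: \\\\FS01\\backup /user:CORP\\svc_backup Wint3r2018!\r\n"
        "xcopy D:\\data Z:\\ /E\r\n"),
    "deploy.ps1": (
        '$cred = New-Object PSCredential("CORP\\administrator", '
        '(ConvertTo-SecureString "Sup3rSecret" -AsPlainText -Force))\n'
        '$conn = "Server=DB01;Database=EMR;User Id=sa;Password=Db@dm1n;"\n'
        '$safe = Read-Host -AsSecureString "Enter password"\n'),
    "mount.cmd": "net use Y: \\\\FS02\\share /user:CORP\\jdoe *\r\n",
}

if __name__ == "__main__":
    for f in scan_all(SAMPLE_SCRIPTS):
        flag = " [ADMIN]" if f.looks_admin else ""
        print(f"{f.file}:{f.line_no} {f.rule} user={f.user} secret_len={f.secret_len}{flag}")
```

Two caveats for a real scan: a pattern list only finds the idioms it knows, so encoded or concatenated secrets will be missed and the scan does not replace removing the need for credentials in scripts (managed service accounts, credential stores); and the findings file itself must be protected, because even a list of which scripts hold passwords for which accounts is useful to an attacker.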
40.6.2 Create and maintain an inventory of service accounts, and disable accounts which are unnecessary
909. Locking down service accounts must be a basic component of the hardening strategy for servers. An inventory of all existing service accounts must be created, and existing privileges should be reviewed with a view to granting the least privileges necessary. When new servers are provisioned, specific regard should be given to reviewing the service accounts that are created, and whether such service accounts (and the underlying services) are necessary. Unnecessary accounts should be disabled as part of basic account administration hygiene.
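Paragraph 909 and items (c), (d) and (f) above describe one periodic review: compare the inventory of service accounts (what each runs, which privileges were granted, which logon types it needs) against what the directory currently shows. The following added example, not code from the report or from IHiS, runs that review over a constructed inventory and a constructed snapshot of group memberships. The 90-day inactivity limit, the logon-right names and the group names are assumptions for the example.

```python
"""Service-account inventory review: items (c), (d), (f) and paragraph 909."""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

INACTIVITY_LIMIT = timedelta(days=90)                               # assumption: site policy
UNNEEDED_RIGHTS = frozenset({"interactive", "remote_interactive"})  # (c): console and RDP logons

@dataclass(frozen=True)
class ServiceAccount:
    name: str
    service: Optional[str]        # what it runs; None if no owner claims it
    granted_groups: frozenset     # group memberships approved at provisioning
    logon_rights: frozenset       # logon types the account is permitted
    last_logon: Optional[date]
    enabled: bool = True

@dataclass
class Review:
    elevated: dict = field(default_factory=dict)        # (f) privilege beyond what was granted
    restrict_logon: dict = field(default_factory=dict)  # (c) logon types to remove
    disable: list = field(default_factory=list)         # (d) / 909 accounts to disable
    unknown: list = field(default_factory=list)         # 909 accounts missing from inventory

def review(inventory, current_groups, today):
    """Compare the inventory with a directory snapshot of group memberships."""
    r = Review()
    known = {a.name for a in inventory}
    # 909: every existing account must be in the inventory; anything else is a gap.
    r.unknown = sorted(n for n in current_groups if n not in known)
    for acct in inventory:
        if not acct.enabled:
            continue
        extra = current_groups.get(acct.name, frozenset()) - acct.granted_groups
        if extra:
            r.elevated[acct.name] = sorted(extra)
        rights = acct.logon_rights & UNNEEDED_RIGHTS
        if rights:
            r.restrict_logon[acct.name] = sorted(rights)
        if acct.service is None:
            r.disable.append((acct.name, "no owning service"))
        elif acct.last_logon is None:
            r.disable.append((acct.name, "never logged on"))
        elif today - acct.last_logon > INACTIVITY_LIMIT:
            days = (today - acct.last_logon).days
            r.disable.append((acct.name, f"inactive for {days} days"))
    return r

# Constructed inventory and directory snapshot (not real data).
INVENTORY = [
    ServiceAccount("svc_backup", "Backup agent", frozenset({"Domain Users", "Backup Operators"}),
                   frozenset({"service"}), date(2018, 6, 20)),
    ServiceAccount("svc_sql", "SQL Server", frozenset({"Domain Users", "SQLServerUsers"}),
                   frozenset({"service", "network"}), date(2018, 6, 26)),
    ServiceAccount("svc_old_etl", None, frozenset({"Domain Users"}),
                   frozenset({"interactive"}), date(2017, 1, 5)),
    ServiceAccount("svc_report", "Reporting", frozenset({"Domain Users", "Report Readers"}),
                   frozenset({"service", "remote_interactive"}), date(2018, 1, 1)),
    ServiceAccount("svc_retired", "Legacy app", frozenset(), frozenset(), None, enabled=False),
]
CURRENT_GROUPS = {
    "svc_backup": frozenset({"Domain Users", "Backup Operators"}),
    "svc_sql": frozenset({"Domain Users", "SQLServerUsers", "Domain Admins"}),
    "svc_old_etl": frozenset({"Domain Users"}),
    "svc_report": frozenset({"Domain Users", "Report Readers"}),
    "svc_mystery": frozenset({"Domain Users"}),
}

if __name__ == "__main__":
    r = review(INVENTORY, CURRENT_GROUPS, date(2018, 6, 27))
    print("elevated:", r.elevated)
    print("restrict logon:", r.restrict_logon)
    print("disable:", r.disable)
    print("not in inventory:", r.unknown)
```

The review is only as good as the inventory's record of what was granted, which is why paragraph 909 puts the inventory first: without a recorded grant there is nothing to detect drift against, and an account nobody claims (svc_old_etl here) cannot be distinguished from one that is merely quiet.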