Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part VII
Page 308 of 425

(b) Use Unique Passwords – local admin accounts must use passwords that are unique to that system;
(c) Disable Dormant Accounts – automatically disable dormant accounts after a set period of inactivity;
(d) Log and Alert on Unsuccessful Administrative Account Login – configure systems to issue a log entry and alert on unsuccessful logins to a local administrator account;
(e) Monitor Attempts to Access Deactivated Accounts – monitor attempts to access deactivated accounts through audit logging; and
(f) Alert on Account Login Behavior Deviation – alert when users deviate from normal login behaviour, such as time-of-day, workstation location and duration.
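As an added example that is not part of the COI report, the following Python script shows how controls (d), (e) and (f) above can be expressed as detection rules over Windows Security log events (4625 failed logon, 4624 successful logon). The sample events, the account names (`Administrator`, `svc_localadm`, `oldadmin`, `jtan`), the workstation names and the per-user baselines are all constructed for the demonstration; the EventData field names and the 0xC0000072 sub-status (account disabled) are the ones Windows records. Duration-based deviation from item (f) is not covered.

```python
"""Added example (not from the COI report): detection rules for controls (d), (e)
and (f), run over constructed Windows Security events shaped like 4624/4625 EventData."""
from datetime import datetime

# Local administrator accounts to watch (hypothetical names).
LOCAL_ADMIN_ACCOUNTS = {"Administrator", "svc_localadm"}

# NTSTATUS sub-status codes that Windows places in event 4625.
SUBSTATUS_ACCOUNT_DISABLED = "0xC0000072"
SUBSTATUS_BAD_PASSWORD = "0xC000006A"

# Baseline of normal behaviour per user: permitted logon hours (inclusive, 24h clock)
# and the workstations the user normally logs on from. Constructed for the demo.
BASELINES = {
    "jtan": {"hours": (8, 19), "workstations": {"WS-0113", "WS-0114"}},
}

# Constructed sample events (dates and hosts are invented).
SAMPLE_EVENTS = [
    {"EventID": 4625, "TargetUserName": "Administrator", "WorkstationName": "WS-0299",
     "IpAddress": "10.1.2.99", "SubStatus": SUBSTATUS_BAD_PASSWORD, "LogonType": 3,
     "TimeCreated": "2019-03-04T23:41:07"},
    {"EventID": 4625, "TargetUserName": "oldadmin", "WorkstationName": "WS-0299",
     "IpAddress": "10.1.2.99", "SubStatus": SUBSTATUS_ACCOUNT_DISABLED, "LogonType": 3,
     "TimeCreated": "2019-03-04T23:42:30"},
    {"EventID": 4624, "TargetUserName": "jtan", "WorkstationName": "WS-0113",
     "IpAddress": "10.1.2.13", "SubStatus": "0x0", "LogonType": 2,
     "TimeCreated": "2019-03-05T09:02:11"},
    {"EventID": 4624, "TargetUserName": "jtan", "WorkstationName": "WS-0299",
     "IpAddress": "10.1.2.99", "SubStatus": "0x0", "LogonType": 10,
     "TimeCreated": "2019-03-05T02:15:45"},
]


def evaluate(event):
    """Return a list of (rule, detail) alerts raised by a single event."""
    alerts = []
    user = event["TargetUserName"]
    source = event.get("WorkstationName") or event.get("IpAddress")
    when = datetime.fromisoformat(event["TimeCreated"])

    if event["EventID"] == 4625:
        # (d): any failed logon against a local administrator account is alerted.
        if user in LOCAL_ADMIN_ACCOUNTS:
            alerts.append(("d_failed_local_admin_logon", f"{user} from {source}"))
        # (e): a failed logon whose sub-status says the account is disabled
        # is an attempt to use a deactivated account.
        if event.get("SubStatus", "").upper() == SUBSTATUS_ACCOUNT_DISABLED.upper():
            alerts.append(("e_disabled_account_attempt", f"{user} from {source}"))

    elif event["EventID"] == 4624:
        # (f): compare a successful logon against the user's known baseline.
        baseline = BASELINES.get(user)
        if baseline:
            low, high = baseline["hours"]
            if not low <= when.hour <= high:
                alerts.append(("f_unusual_hour", f"{user} at {when:%H:%M} from {source}"))
            if source not in baseline["workstations"]:
                alerts.append(("f_unusual_workstation", f"{user} from {source}"))
    return alerts


def run(events):
    """Evaluate every event and return (rule, time, detail) tuples in event order."""
    return [(rule, e["TimeCreated"], detail)
            for e in events for rule, detail in evaluate(e)]


if __name__ == "__main__":
    for rule, when, detail in run(SAMPLE_EVENTS):
        print(f"{when}  {rule:28s}  {detail}")
```

In production the baseline would be learned from the user's own history rather than hard-coded, and the rules would be fed by the SIEM's event pipeline; the rule logic itself is what the report's items (d) to (f) ask for.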
40.5.2 Access to server local administrator accounts should be made available on a needs-only basis
899. Local accounts are harder to manage than domain accounts. A change to a domain account is made once, in one place, and takes effect on every computer where that account is used; a local account has to be modified on the individual workstation or server where it exists. Using Group Policy Preferences, some local account settings (e.g. password length) can be managed centrally, but as highlighted above, this may not be a foolproof approach.
900. As a weak or shared local administrator password can cause a major security issue in any network, a best practice would be to use a unique, random password for each server, distributed in a secure manner that still allows IT staff to retrieve and use the passwords. This prevents an attacker who obtains the local administrator credentials of one server from reusing them across the network. However, regular monitoring would still be required, to make sure local passwords are not reset or defaulted to a weak password.

901. As a more comprehensive solution, it is recommended that an enterprise Password Vault be implemented. Broadly speaking, this would prevent unauthorised users from accessing privileged account credentials, while still ensuring that authorised users have the necessary access for legitimate purposes. A Password Vault protects all privileged account passwords in a secure central repository to prevent the theft or unauthorised sharing of these credentials. Administrators check out server local administrator credentials each time access using such an account is required. Further, such a system would ensure that the credentials checked out meet password length and complexity requirements, are changed regularly, and are unique to each server.
902. Implementing such a solution would significantly reduce the risk of weak passwords leading to the compromise of local administrator accounts, and would slow down lateral movement in a network if a breach happens, as each server would have to be compromised separately.
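As an added example that is not part of the COI report, the following Python script performs the check that paragraphs 900 to 902 call for: whether any two servers share a local administrator password, and whether any server is still on a known default or weak password. It relies on the NT hash being an unsalted MD4 over the UTF-16LE password, so equal hashes mean equal passwords, and one such hash can be replayed with pass-the-hash against every server that shares it. The host names, the inventory of hashes and the weak-password list are constructed; a real audit would collect the hashes from each server under authorisation. A per-server random password generator of the kind a vault would use is included for the "unique and random per server" requirement.

```python
"""Added example (not from the COI report): audit local administrator NT hashes
for reuse across servers and for known-default passwords, plus a per-server
random password generator. Inventory and weak list are constructed."""
import hashlib
import secrets
import string
import struct
from collections import defaultdict


def _md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320), used when hashlib has no md4 (OpenSSL 3 legacy provider)."""
    mask = 0xFFFFFFFF
    rol = lambda x, n: ((x << n) | (x >> (32 - n))) & mask
    F = lambda x, y, z: (x & y) | (~x & z & mask)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for i, s in zip(range(16), [3, 7, 11, 19] * 4):
            a = rol((a + F(b, c, d) + X[i]) & mask, s)
            a, b, c, d = d, a, b, c
        for i, s in zip([0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], [3, 5, 9, 13] * 4):
            a = rol((a + G(b, c, d) + X[i] + 0x5A827999) & mask, s)
            a, b, c, d = d, a, b, c
        for i, s in zip([0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], [3, 9, 11, 15] * 4):
            a = rol((a + H(b, c, d) + X[i] + 0x6ED9EBA1) & mask, s)
            a, b, c, d = d, a, b, c
        a, b, c, d = (a + aa) & mask, (b + bb) & mask, (c + cc) & mask, (d + dd) & mask
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> str:
    """NT hash = MD4(UTF-16LE(password)), hex, unsalted: same password, same hash on every host."""
    data = password.encode("utf-16-le")
    try:
        return hashlib.new("md4", data).hexdigest()
    except ValueError:
        return _md4(data).hex()


# Constructed list of defaults/weak passwords to look for.
WEAK_PASSWORDS = ["", "password", "Password123", "Welcome1", "P@ssw0rd"]
WEAK_HASHES = {nt_hash(p): (p or "<empty>") for p in WEAK_PASSWORDS}

# Constructed inventory: hypothetical host -> NT hash of its local Administrator account.
INVENTORY = {
    "SRV-APP01": nt_hash("Password123"),
    "SRV-APP02": nt_hash("Password123"),
    "SRV-DB01": nt_hash("S3cret-Unique-DB01!"),
    "SRV-FILE01": nt_hash(""),
}


def audit(inventory):
    """Return {'shared': {hash: [hosts]}, 'weak': {host: password}} for the inventory."""
    by_hash = defaultdict(list)
    for host, h in inventory.items():
        by_hash[h.lower()].append(host)
    shared = {h: sorted(hosts) for h, hosts in by_hash.items() if len(hosts) > 1}
    weak = {host: WEAK_HASHES[h.lower()] for host, h in inventory.items()
            if h.lower() in WEAK_HASHES}
    return {"shared": shared, "weak": weak}


def new_local_admin_password(length: int = 24) -> str:
    """Random per-server password with at least one lower, upper, digit and symbol."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(ch.islower() for ch in pw) and any(ch.isupper() for ch in pw)
                and any(ch.isdigit() for ch in pw) and any(ch in string.punctuation for ch in pw)):
            return pw


if __name__ == "__main__":
    result = audit(INVENTORY)
    for h, hosts in result["shared"].items():
        print(f"SHARED  {h}  {', '.join(hosts)}  (one hash moves laterally to all of them)")
    for host, pw in result["weak"].items():
        print(f"WEAK    {host}  password is {pw}")
    print("example replacement password:", new_local_admin_password())
```

The "shared" finding is the one paragraph 902 is concerned with: with SRV-APP01 and SRV-APP02 on the same hash, compromising either one gives the attacker both, whereas after per-server rotation each must be compromised separately. Rerunning the audit on a schedule covers the monitoring paragraph 900 asks for, catching a password that has been reset back to a default.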
903. IHiS has in fact implemented a Password Vault solution in the wake of the Cyber Attack. As testified to by Woon Lan and Leong Seng, IHiS has procured software to manage all local administrator accounts. This ensures that IHiS is no longer reliant on the administrators to change the passwords themselves – the Password Vault enforces regular change of the passwords.