COI Report – Part VII
Page 301 of 425

such as accessing email, and they should only be used by a single administrator (i.e. not shared) for accountability.
876. AD accounts are susceptible to being compromised by an attacker who has already gained a foothold within the network. Further, AD administrator accounts are susceptible because their passwords are not frequently changed.
877. The attacker gained unauthorised access to numerous SingHealth servers by stealing the passwords for privileged accounts. These servers used single-factor authentication, in the form of a password. Relying solely on the strength of passwords is insufficient to protect critical servers against the risk of compromise.
878. Given these vulnerabilities, a system of Privileged Access Management[76] (“PAM”) using 2FA must be put in place, and enforced for administrator access to servers.
Experts Dr Lim, Gen. Alexander, Vivek and Richard all concur with this recommendation. With 2FA, users must input two distinct identification methods — such as a password and a one-time-use PIN — to verify their permission to access a restricted system. A second factor of authentication would significantly secure access to privileged accounts, and the risk of unauthorised access to mission-critical servers would be reduced. An attacker who obtains compromised credentials would not be able to access a server, as it would not be in a position to provide the second form of identification needed to complete the authentication process.
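As an added illustration of the control recommended in paragraph 878 (this code is not part of the report), the following Python sketch models a PAM gateway that admits a privileged account to a server only when both a password and a fresh time-based one-time PIN (RFC 6238 TOTP) verify, so that a stolen password on its own, or a PIN captured earlier, is rejected. The account name, salt, password and server names are constructed sample values; the TOTP key is the RFC 6238 reference key, chosen so the generated codes can be checked against the RFC's own test vectors.

```python
import hashlib
import hmac
import struct
from typing import Optional

# Constructed sample data: one privileged account with a salted password hash
# and a per-account TOTP key (the RFC 6238 reference key, used so the codes
# can be checked against the RFC's test vectors). Not production values.
_SALT = b"constructed-salt"
_TOTP_KEY = b"12345678901234567890"

def _hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 50_000)

PRIVILEGED_ACCOUNTS = {
    "svc-admin": {
        "pw_hash": _hash_password("Winter2018!"),
        "totp_key": _TOTP_KEY,
        "admin_of": {"DC01", "PACS-DB"},  # servers this account may reach
    },
}

def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, dynamically truncated."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"

def authenticate(user: str, password: str, otp: Optional[str],
                 server: str, unix_time: int) -> bool:
    """Grant privileged access only if the password AND a fresh one-time PIN verify."""
    acct = PRIVILEGED_ACCOUNTS.get(user)
    if acct is None or server not in acct["admin_of"]:
        return False
    if not hmac.compare_digest(_hash_password(password), acct["pw_hash"]):
        return False
    if otp is None:            # stolen password alone: only the first factor
        return False
    # Accept the current 30 s step and one step either side for clock drift;
    # a PIN captured earlier falls outside this window and is rejected.
    for drift in (-1, 0, 1):
        expected = totp(acct["totp_key"], unix_time + drift * 30)
        if hmac.compare_digest(expected, otp):
            return True
    return False
```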
879. The Committee notes that the use of multi-factor authentication for all administrative account access is recommended in the CIS Controls.[77]
[76] PAM is a solution that helps organisations restrict privileged access within an existing Active Directory environment.

[77] CIS Controls Version 7 at sub-control 4.5.