Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part VII
Page 305 of 425

compromised. For example, the list may include, but is not limited to:
- Passwords obtained from previous breach corpuses.
- Dictionary words.
- Repetitive or sequential characters (e.g. ‘aaaaaa’, ‘1234abcd’).
- Context-specific words, such as the name of the service, the username, and derivatives thereof.

b) If the chosen secret is found in the list, the Credential Service Provider (“CSP”) or verifier shall advise the subscriber that they need to select a different secret, shall provide the reason for rejection, and shall require the subscriber to choose a different value.
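The screening quoted above, worked as an added example (not code from the COI report or from NIST): a verifier-side check that tests a chosen secret against the four categories and returns the reason for rejection, as the quoted requirement demands. The breach corpus and dictionary are constructed stand-ins, and the leet-substitution table and the run length of four are assumptions.

```python
import re

# Constructed sample data standing in for the real feeds; a deployment would load a
# breach corpus (e.g. a leaked-password list) and a full dictionary instead.
BREACHED = {"password1", "letmein", "qwerty123"}
DICTIONARY = {"password", "welcome", "monkey", "dragon"}

# Assumed substitution table: "P@ssw0rd" is treated as a derivative of "password",
# not as a new secret.
LEET = str.maketrans("@$0345", "asoeas")


def _normalize(text: str) -> str:
    """Lower-case, undo common leet substitutions and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def _repetitive_or_sequential(secret: str, run: int = 4) -> bool:
    """True if any `run` consecutive characters are identical or step by +1/-1."""
    s = secret.lower()
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        if len(set(chunk)) == 1:
            return True
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def screen_secret(secret: str, username: str, service: str) -> tuple[bool, str]:
    """Return (accepted, reason). Every rejection carries its reason, because the
    verifier must tell the subscriber why the secret was refused."""
    if secret in BREACHED:
        return False, "appears in a previous breach corpus"
    if _normalize(secret) in DICTIONARY:
        return False, "is a dictionary word or a simple variant of one"
    if _repetitive_or_sequential(secret):
        return False, "contains repetitive or sequential characters"
    for label, word in (("username", username), ("service name", service)):
        token = _normalize(word)
        if token and token in _normalize(secret):
            return False, f"contains the {label} or a variant of it"
    return True, "accepted"
```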
890. The move to passphrases can be achieved by:
a) Educating employees on the benefits of moving to passphrases as part of their security training, emphasising both the personal and organisational benefits of improved network security; and/or
b) Deploying third-party tools on domain controllers that enforce the use of passphrases, blacklist guessable complex passwords, blacklist leaked passwords etc.[85]

[85] Specops Password Policy, a tool which can target any GPO level, group, user, or computer with dictionary and passphrase settings, is an example of one such tool – see www.specopssoft.com for details.



40.4 Password policies must be implemented and enforced across both domain and local accounts
891. Typically, when restrictions are implemented on the administrators group in GPOs, Windows applies the settings to members of a computer's local administrators group, in addition to the domain's administrators group. However, in the case of the SGH Citrix servers, a setting called block policy inheritance had been applied at the servers, meaning that domain level policies could not be inherited (i.e. they were blocked) and would not apply to the SGH Citrix servers. Accordingly, although password policies had been implemented at a domain level, they were not applied on these servers.
892. We recommend that a technological solution be found to ensure that updated password policies will be pushed down for server local administrator accounts, without exception. If no such solution can be found, steps must be taken to individually implement the updated policies at the local servers, or an alternate solution must be implemented to centrally manage server local administrator accounts.
