Privileged Account Management

Mitigation
ID M0926
NIST SP 800-53 Rev. 4 AC-2
IEC 62443-3-3:2013 SR 1.3
IEC 62443-4-2:2019 CR 1.3

Description

Manage the creation, modification, use, and permissions associated with privileged accounts, including SYSTEM and root.


Techniques Addressed by Mitigation

| Name | Use |
| --- | --- |
| Data Destruction | Minimize permissions and access for service accounts to limit the information that may be impacted by malicious users or software. [1] |
| Data from Information Repositories | Minimize permissions and access for service accounts to limit the information that may be exposed or collected by malicious users or software. [1] |
| Exploit Public-Facing Application | Use least privilege for service accounts. [2][1] |
| Exploitation of Remote Services | Minimize permissions and access for service accounts to limit impact of exploitation. [2] |
| Network Sniffing | Restrict root or administrator access on user accounts to limit the ability to capture promiscuous traffic on a network through common packet capture tools. [1] |
| Valid Accounts | Audit domain and local accounts and their permission levels routinely to look for situations that could allow an adversary to gain system-wide access with stolen privileged account credentials. [3][4] These audits should also identify if default accounts have been enabled, or if new local accounts are created that have not been authorized. Follow best practices for design and administration of an enterprise network to limit privileged account use across administrative tiers. [5] |
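The local-account audit described for Valid Accounts, sketched as an added example (not part of the original page or of ATT&CK itself). It assumes a Linux host with passwd/group-style files; the sample data, the authorized baseline, the default-account names and the privileged group names are all constructed for illustration.

```python
# Added example: audit local accounts against an authorized baseline.
# All sample data and baseline sets below are constructed assumptions.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
operator:x:1000:1000:HMI operator:/home/operator:/bin/bash
svc_historian:x:998:998::/var/lib/historian:/usr/sbin/nologin
admin:x:1001:1001:vendor default:/home/admin:/bin/bash
toor:x:0:0::/root:/bin/bash
"""
GROUP = """\
root:x:0:
sudo:x:27:operator,svc_historian
historian:x:998:
"""
AUTHORIZED = {"root", "daemon", "operator", "svc_historian"}  # approved accounts
AUTHORIZED_PRIVILEGED = {"root"}           # accounts approved for root-level access
DEFAULT_NAMES = {"admin", "guest", "user"}  # hypothetical vendor default names
PRIV_GROUPS = {"sudo", "wheel", "root"}
NOLOGIN = ("/usr/sbin/nologin", "/sbin/nologin", "/bin/false")

def parse_passwd(text):
    """Return {name: {"uid", "shell"}} for well-formed 7-field passwd lines."""
    accounts = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) == 7 and f[2].isdigit():
            accounts[f[0]] = {"uid": int(f[2]), "shell": f[6]}
    return accounts

def privileged_members(group_text):
    """Return the supplementary members of any privileged group."""
    members = set()
    for line in group_text.splitlines():
        f = line.split(":")
        if len(f) == 4 and f[0] in PRIV_GROUPS:
            members.update(m for m in f[3].split(",") if m)
    return members

def audit(passwd_text, group_text):
    """Return sorted (account, finding) pairs that deviate from the baseline."""
    priv, findings = privileged_members(group_text), []
    for name, a in sorted(parse_passwd(passwd_text).items()):
        if name not in AUTHORIZED:
            findings.append((name, "unauthorized local account"))
        if (a["uid"] == 0 or name in priv) and name not in AUTHORIZED_PRIVILEGED:
            findings.append((name, "unapproved privileged access"))
        # Simplification: a login shell stands in for "enabled"; a real audit
        # would also check the password lock state in /etc/shadow.
        if name in DEFAULT_NAMES and a["shell"] not in NOLOGIN:
            findings.append((name, "default account enabled"))
    return findings
```

Run `audit(PASSWD, GROUP)` on a schedule and alert on any non-empty result; the service account in a privileged group is the least-privilege violation the other rows of the table warn about.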