Security Basics mailing list archives
Re: Securing Service Accounts - Good Practices
From: "J. Oquendo" <sil () infiltrated net>
Date: Wed, 24 Sep 2008 11:01:11 -0500
On Wed, 24 Sep 2008, David Tobias wrote:
The grand question here is what is the best practices/guidelines when encountering this type of solution. Do we remove each service account, one by one, waiting to see what, if anything, fails and then decide how to give rights to that account? What about in the future, when creating and securing new accounts...what are the best guidelines and practices to go by?
Sort of a difficult question to answer respond to provided no one know what the environment you're working at is. There could be limitations to what some will send you in regards to best practices and guidelines for their industry. E.g., are you in an environment where information has to be highly compartmentalized? I suggest beginning by getting in touch with your CISO, CSO and having an assessment and analysis done. You're missing a large scope in regards to INFORMATION security - don't let the technological part confuse you. There can be a large consequence not to mention financial risk of "waiting to see what fails". http://technet.microsoft.com/en-us/library/cc773365.aspx An analysis and BIA will identify what needs to be done in the best fashion from the business side of things first where the risks are weighed and decisions would be made to promote a healthier more secure and robust solution. My two cents. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, CNDA, CHFI, OSCP "A good district attorney can indict a ham sandwich if he wants to ... The accusations harm as much as the convictions ... they're obviously harmful or it wouldn't be news.." - John Carter wget -qO - www.infiltrated.net/sig|perl http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB
Current thread:
- Securing Service Accounts - Good Practices David Tobias (Sep 24)
- Re: Securing Service Accounts - Good Practices J. Oquendo (Sep 24)
- RE: Securing Service Accounts - Good Practices David Tobias (Sep 24)
- RE: Securing Service Accounts - Good Practices Sheldon Malm (Sep 25)
- <Possible follow-ups>
- Re: Securing Service Accounts - Good Practices krymson (Sep 30)
- Re: Securing Service Accounts - Good Practices Chris Barber (Sep 30)
- Re: Securing Service Accounts - Good Practices J. Oquendo (Sep 24)