Re: Securing Service Accounts - Good Practices
- From: "J. Oquendo" <sil@xxxxxxxxxxxxxxx>
- Date: Wed, 24 Sep 2008 11:01:11 -0500
On Wed, 24 Sep 2008, David Tobias wrote:
> The grand question here is what are the best practices/guidelines when
> encountering this type of solution. Do we remove each service account,
> one by one, waiting to see what, if anything, fails and then decide how
> to give rights to that account? What about in the future, when creating
> and securing new accounts...what are the best guidelines and practices
> to go by?
Sort of a difficult question to answer provided
no one knows what the environment you're working at is. There
could be limitations to what some will send you in regards
to best practices and guidelines for their industry. E.g.,
are you in an environment where information has to be highly
compartmentalized?
I suggest beginning by getting in touch with your CISO, CSO
and having an assessment and analysis done. You're missing
a large scope in regards to INFORMATION security - don't
let the technological part confuse you. There can be a
large consequence, not to mention financial risk, of
"waiting to see what fails".
http://technet.microsoft.com/en-us/library/cc773365.aspx
An analysis and BIA will identify what needs to be done
in the best fashion from the business side of things first
where the risks are weighed and decisions would be made to
promote a healthier, more secure and robust solution. My
two cents.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, CNDA, CHFI, OSCP
"A good district attorney can indict a ham sandwich
if he wants to ... The accusations harm as much as
the convictions ... they're obviously harmful or it
wouldn't be news.." - John Carter
wget -qO - www.infiltrated.net/sig|perl
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB