Recently I read an excellent article by Jamie Adams, where he emphasizes the importance of an essential and often overlooked fundamental practice: good account management. Account management includes the investigation, analysis and management of passwords and accounts. What he conveys to the reader is how the need for good account management can at times surpass the importance of applying patches for known vulnerabilities.
The basis for this argument is that the most obvious security lapses often occur in account management. This is the path of least resistance for hackers, and there is no better place to gain access than through poorly secured accounts. Accounts are often hacked by unsophisticated means rather than by exploiting a known vulnerability. Even worse, a hacker who gains access to an administrative account has the potential to cause great harm or quietly gain access to broader resources within the organization. Jamie also points out that account management is often overlooked because it’s not as exciting and easy as patching systems, and the work can be very boring and tedious.
What should make account management more appealing is the ease with which an administrator can greatly improve security by following some simple guidelines and employing good tools. Strong password policies, such as requiring users to reset their passwords regularly, requiring strong passwords, and preventing the reuse of old passwords, will greatly improve security. Equally important is auditing accounts to be sure it’s known who “owns” them, what they are for, and how long it has been since they were last used. In Windows, these practices can be complicated and time-consuming. Netwrix offers a solution for each of these account management tasks:
• The Account Lockout Examiner automatically identifies the root cause of lockouts to slash troubleshooting time and stress in a single stroke.
• The Inactive User Tracker automatically detects and deactivates accounts that have not been used, further tightening security.
• The Password Expiration Notifier ensures end-users are prepared for password change requirements, proactively reducing calls to the help desk.
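The account audit described above (who owns an account, what it is for, how long since it was used, how old its password is) can be sketched in PowerShell. This is an added example, not code from Jamie Adams's article or from Netwrix; the column names, the `Get-AccountFindings` function, the 90-day thresholds and the sample records are all assumptions made for illustration.

```powershell
# Constructed sample records. In a real domain, comparable fields could be
# exported with Get-ADUser (LastLogonDate, PasswordLastSet, PasswordNeverExpires,
# Manager, Description); the "Owner" column here is an assumed naming choice.
$sample = @'
SamAccountName,Enabled,LastLogon,PasswordLastSet,PasswordNeverExpires,Owner,Description
jsmith,True,2024-05-28,2024-04-15,False,hr-team,Payroll clerk
svc_backup,True,2023-01-10,2019-06-01,True,,
tmp_contractor,True,,2023-11-02,False,it-ops,
old_admin,False,2022-03-03,2021-12-01,False,it-ops,Former domain admin
'@ | ConvertFrom-Csv

function Get-AccountFindings {
    param(
        [Parameter(Mandatory)] $Accounts,
        [datetime] $AsOf = (Get-Date),
        [int] $InactiveDays = 90,        # assumed inactivity threshold
        [int] $MaxPasswordAgeDays = 90   # assumed maximum password age
    )
    foreach ($a in $Accounts) {
        if ($a.Enabled -ne 'True') { continue }   # already disabled, nothing to flag
        $findings = @()
        if (-not $a.Owner)       { $findings += 'no owner recorded' }
        if (-not $a.Description) { $findings += 'no stated purpose' }
        if (-not $a.LastLogon) {
            $findings += 'never used'
        } elseif (($AsOf - [datetime]$a.LastLogon).Days -gt $InactiveDays) {
            $findings += "inactive over $InactiveDays days"
        }
        if ($a.PasswordNeverExpires -eq 'True') {
            $findings += 'password never expires'
        }
        if ($a.PasswordLastSet -and
            ($AsOf - [datetime]$a.PasswordLastSet).Days -gt $MaxPasswordAgeDays) {
            $findings += "password older than $MaxPasswordAgeDays days"
        }
        if ($findings) {
            [pscustomobject]@{ Account = $a.SamAccountName; Findings = $findings -join '; ' }
        }
    }
}

# Fixed reference date so the constructed sample gives the same result on every run.
Get-AccountFindings -Accounts $sample -AsOf ([datetime]'2024-06-01') | Format-Table -AutoSize
```

Accounts that come back with several findings at once, such as an enabled service account with no owner and a non-expiring password, are the ones to review first.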
How are you managing your accounts now? Please post your comments below.