OM-BP-0013: Rotate service accounts credentials frequently (Best Practice)

ID: OM-BP-0013

Name: Rotate service accounts credentials frequently

Status: ACTIVE

Version: 1.0

Best Practice

Ensure that service account credentials are rotated frequently.

Rationale

Service accounts are attractive targets for hackers because they often hold high privileges.

Bad Practices

  • Leave service account credentials unchanged.

  • Leave service account default passwords unchanged.

Implementation Details

  • Compile a list of tools and products that may automate service account credential rotation.
  • Link to Windows self-managed service credentials.

Quotes

Both hackers and security pros strongly agree that service accounts are an attractive target because hackers can easily elevate privileges and gain access to sensitive information.

(…)

Service accounts can pose a significant risk to organizations because they are so difficult to manage and secure properly, especially across multiple accounts for different services, tasks, and other applications. These accounts are time consuming to control and prone to human error when managed manually. Service account passwords are also a challenge: administrators can’t safely change a service account password if they don’t know where it’s used without risk of bringing down other applications.

(…)

#2: Rotate credentials frequently

(Thycotic, 2019, p. 3)

Bibliography

Related Best Practices
