Security Ever After

Monday, August 15, 2011

Control 11: Account Monitoring and Control

What does it really mean to provide Account Monitoring and Control and what are some practical and no cost ways to implement this control?

Send automated alerts on any change or attempted change to any group whose membership grants elevated access. Generate daily alerts and reports of locked-out accounts, disabled accounts, accounts with passwords that exceed the maximum password age, and accounts with passwords that never expire.

Perform a quarterly review of all accounts on systems and reconcile them against the list of employees from Human Resources and the physical access control system. Often one or more of these systems is not current, which creates an avenue to potential compromise. Develop relationships with Human Resources in order to have a more prompt and efficient employee termination procedure. Working together, a partnership can be created and leveraged when needed.
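The quarterly reconciliation described above can be scripted against exports from each system. The following is an added example, not from the original post; the CSV column names and the sample records are constructed assumptions.

```python
import csv
import io

# Constructed sample exports; column names are assumptions for this example.
HR_CSV = """employee_id,name,status
1001,Alice Ng,active
1002,Bob Ruiz,terminated
1003,Cara Lee,active
"""
ACCOUNTS_CSV = """username,employee_id,enabled
ang,1001,true
bruiz,1002,true
clee,1003,false
svc_backup,,true
jdoe,1099,true
"""
BADGES_CSV = """badge_id,employee_id,active
B-17,1001,true
B-18,1002,true
B-19,1044,true
"""

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def reconcile(hr_csv, accounts_csv, badges_csv):
    """Return sorted (category, identifier) findings across the three systems."""
    hr = {r["employee_id"]: r["status"].lower() for r in rows(hr_csv)}
    findings = []
    for a in rows(accounts_csv):
        if a["enabled"].lower() != "true":
            continue  # already disabled, nothing to revoke
        emp = a["employee_id"].strip()
        if not emp:
            findings.append(("account_no_owner", a["username"]))
        elif emp not in hr:
            findings.append(("account_unknown_employee", a["username"]))
        elif hr[emp] != "active":
            findings.append(("account_of_terminated", a["username"]))
    for b in rows(badges_csv):
        emp = b["employee_id"].strip()
        # An active badge must map to an active employee in the HR list.
        if b["active"].lower() == "true" and hr.get(emp) != "active":
            findings.append(("badge_without_active_employee", b["badge_id"]))
    return sorted(findings)

if __name__ == "__main__":
    for category, ident in reconcile(HR_CSV, ACCOUNTS_CSV, BADGES_CSV):
        print(f"{category}: {ident}")
```

Each finding is either a stale record in one of the systems or an access path that should be closed, so every line needs an owner and a resolution before the next review.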

During internal employee transfers, take the extra step of revoking all access and then adding the new access required to perform the new job. This helps avoid the accumulation of privileges over an employee's tenure.

Use the log review solution to create automated alerts for any new account, any new administrator access, and any account lockout. At a minimum, you will be able to provide better customer service by knowing about accounts that need to be unlocked. Perhaps these same alerts can also serve as indications and warnings of an attack.
