CIS Control 4.7 Manage Default Accounts on Enterprise Assets and Software
Next up, Safeguard 4.7: manage those pesky default accounts on your enterprise assets and software. That means root, Administrator, Guest, and any other built-in or vendor-configured accounts that came with the box or the application.
Managing these accounts is not rocket science, but it is something most of us are not doing a good job with.
First, disable every default account that is not required. If a vendor only signs in once a quarter, their account stays disabled until they actually need it, and you should have a documented process to verify that the person asking for access is still employed by that vendor before you enable it (and a step to disable it again when they are done).
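As an added example (not from the original post), here is a PowerShell inventory of the local accounts on a Windows host that flags the built-in ones and disables what the machine does not need. It assumes the Microsoft.PowerShell.LocalAccounts module (Windows 10 / Server 2016 and later), an elevated session, and a hypothetical allow list; the 90-day idle threshold is a placeholder value, not a CIS requirement.

```powershell
# Added example, not from the original post: inventory the local accounts on a
# Windows host, flag the built-in ones, and disable what this machine does not
# need. Needs the Microsoft.PowerShell.LocalAccounts module (Windows 10 /
# Server 2016 and later) and an elevated session.

$DryRun         = $true                 # flip to $false to actually disable accounts
$AllowedEnabled = @('Administrator')    # hypothetical allow list; add the local accounts you really use
$StaleAfterDays = 90                    # treat accounts idle longer than this as abandoned (placeholder)
$Cutoff         = (Get-Date).AddDays(-$StaleAfterDays)

# Built-in Administrator and Guest keep RIDs 500 and 501 even when renamed,
# so key off the SID rather than the display name.
$Accounts = foreach ($u in Get-LocalUser) {
    $rid = [int]($u.SID.Value -split '-')[-1]
    [pscustomobject]@{
        Name            = $u.Name
        RID             = $rid
        BuiltIn         = $rid -in 500, 501
        Enabled         = $u.Enabled
        LastLogon       = $u.LastLogon
        PasswordLastSet = $u.PasswordLastSet
        PasswordAgeDays = if ($u.PasswordLastSet) { (New-TimeSpan -Start $u.PasswordLastSet).Days } else { $null }
    }
}

# Record the starting state before changing anything.
$Accounts | Sort-Object Enabled -Descending |
    Format-Table Name, RID, BuiltIn, Enabled, LastLogon, PasswordAgeDays -AutoSize

foreach ($a in $Accounts | Where-Object Enabled) {
    $reason = $null
    if ($a.RID -eq 501) {
        $reason = 'built-in Guest should never be enabled'
    }
    elseif ($a.RID -eq 500) {
        # The built-in Administrator stays enabled here, but a password older than
        # the rotation window means nothing is actually managing it.
        if ($a.PasswordAgeDays -gt 30) {
            Write-Warning "$($a.Name) (RID 500) password is $($a.PasswordAgeDays) days old and is not being rotated"
        }
    }
    elseif ($a.Name -notin $AllowedEnabled -and (-not $a.LastLogon -or $a.LastLogon -lt $Cutoff)) {
        $reason = "not on allow list and no logon in $StaleAfterDays days"
    }

    if ($reason) {
        Write-Host "Disabling $($a.Name): $reason"
        # -WhatIf:$DryRun prints what would happen until you flip $DryRun off.
        Disable-LocalUser -Name $a.Name -WhatIf:$DryRun
    }
}
```

Run it with `$DryRun = $true` first and keep the table it prints; that is your record of which default accounts existed and were enabled before you touched anything. Keying off RID 500/501 instead of the name matters because renaming the built-in Administrator is a common (and mostly cosmetic) hardening step.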
The next piece is the stale-password risk these default accounts carry: a default or shared credential that never changes is a standing invitation. If you are rotating basic passwords by hand, sure, resetting them every 90 days (or whatever your policy says) may be necessary, but let's be honest: you don't have time to reset all of them on a regular cadence, and if you do, human error will eventually leave one unchanged or reused somewhere.
The same is true for applications that ship with default vendor accounts, and my favorites are the off-domain systems that run the HVAC or physical access control. They often just sit there with their default accounts intact, no security controls, and an outdated operating system.
"If it's on your network, can process your data, then it's your responsibility to ensure it is secure."
Microsoft LAPS (Local Administrator Password Solution) is a great (and free) tool that manages the local Administrator password on domain-joined computers and stores each machine's password in a confidential attribute on its AD computer object, protected by ACL so that only principals explicitly granted the right can read it. LAPS generates a different random password for every managed machine and rotates it automatically on hosts running Windows 7 / Windows Server 2008 or newer. Two caveats: that ACL is the only thing standing between a reader and every local admin password in scope, so audit who holds the right regularly; and Microsoft has since built a successor, Windows LAPS, into current Windows releases, so check which one applies to your fleet.
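The following is an added example (not from the original post or from Microsoft) showing how to verify that legacy Microsoft LAPS is actually doing its job. Part 1 runs on a managed client and reads the policy values the LAPS GPO writes; Part 2 runs from an admin workstation with the ActiveDirectory and AdmPwd.PS modules and finds computers whose LAPS password is missing or past its expiry, then lists who can read the passwords. The OU distinguished name is a hypothetical placeholder.

```powershell
# Added example, not from the original post: check that legacy Microsoft LAPS is
# managing and rotating the built-in local admin password.

# --- Part 1: client-side policy check (run on a managed workstation) ------------
# The LAPS GPO writes its settings here; no key means no policy reached this host.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd'
if (-not (Test-Path $PolicyKey)) {
    Write-Warning 'No LAPS policy applied to this host; the local admin password is not being managed.'
} else {
    $p = Get-ItemProperty $PolicyKey
    [pscustomobject]@{
        Enabled         = [bool]$p.AdmPwdEnabled
        PasswordAgeDays = $p.PasswordAgeDays
        PasswordLength  = $p.PasswordLength
        Complexity      = $p.PasswordComplexity      # 4 = upper + lower + digits + specials
        ManagedAccount  = if ($p.AdminAccountName) { $p.AdminAccountName } else { '<built-in Administrator, RID 500>' }
    }
}

# --- Part 2: AD-side check (run from an admin workstation) ----------------------
Import-Module ActiveDirectory
Import-Module AdmPwd.PS

$SearchBase = 'OU=Workstations,DC=corp,DC=example'   # hypothetical OU
$Now        = (Get-Date).ToFileTimeUtc()             # ms-Mcs-AdmPwdExpirationTime is a FILETIME

$Computers = Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
                -Properties 'ms-Mcs-AdmPwdExpirationTime', OperatingSystem, LastLogonDate

$Report = foreach ($c in $Computers) {
    $exp = $c.'ms-Mcs-AdmPwdExpirationTime'
    [pscustomobject]@{
        Name      = $c.Name
        OS        = $c.OperatingSystem
        LastLogon = $c.LastLogonDate
        Expires   = if ($exp) { [datetime]::FromFileTimeUtc([int64]$exp) } else { $null }
        # No expiry attribute = the client never wrote a password (CSE missing or policy not applied).
        # Expiry in the past   = the client stopped checking in, so the password is no longer rotating.
        Status    = if (-not $exp)                  { 'NOT MANAGED' }
                    elseif ([int64]$exp -lt $Now)   { 'EXPIRED' }
                    else                            { 'OK' }
    }
}
$Report | Where-Object Status -ne 'OK' | Sort-Object Status, Name | Format-Table -AutoSize

# Who can read the passwords? Every principal listed here effectively holds local
# admin on every machine under the OU, so this list should be short and reviewed.
Find-AdmPwdExtendedRights -Identity $SearchBase | Select-Object -ExpandProperty ExtendedRightHolders
```

The two failure modes worth watching are "NOT MANAGED" (a machine in the OU that never got the LAPS client-side extension, so it still has whatever password it was imaged with) and "EXPIRED" (a machine that stopped talking to AD, so its last LAPS password is now older than your rotation window). Both are exactly the stale default credential the safeguard is about.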
The bottom line: we all have to stop using the same local admin password on every workstation, and stop sharing one Domain Admin account across the team. Use a secure password management solution that meets your (and your team's) needs, and rotate the default account credentials on a regular basis, ideally automatically rather than by hand.
I want to personally thank you for following along, and if you learned something new or found this content valuable, please like and share. Since I started this journey I have been seeing more education around CIS Security and its framework throughout the industry.