
Time to Ditch Big-Brother Accounts for Network Scanning
2021-12-21 22:08

These accounts are usually used by backup, security or monitoring solutions.

Using such accounts to remotely log in to systems on the network introduces unnecessary risk - it's a bad practice, and an avoidable one.

First, the attacker obtains access to a computer in the network.

This way, an attacker who compromises a server would only be able to perform certain actions on the network rather than have complete access, and an attacker who compromises a computer in the network won't be able to steal the server's credentials to move laterally.

So as much as we need backup, security and monitoring capabilities, it's time to eliminate over-privileged domain service accounts.

Restrict service accounts to the minimum access they need to perform their roles.


News URL

https://threatpost.com/domain-admin-accounts-scan-network/177194/