Reference no: EM133440374
Question
1. There are some tools that can help automate the discovery and documenting of accounts that exist on both Windows and Linux devices. For example, ManageEngine ADManager Plus is a software that can monitor Active Directory accounts on Windows Server and Windows, and also supports Linux authentication using LDAP. Another example is Delinea, a service that can discover service accounts across different platforms and applications, including Windows and Linux. This information should be kept in a secure location, such as a password-protected database or an encrypted file. It should also be backed up regularly and updated whenever there are changes in the account status or permissions. There are also automated tools that can help with maintaining a unique password for every account. For example, LastPass is a password manager that can generate and store strong passwords for different accounts, and sync them across devices. Another example is Thycotic Secret Server, a software that can manage privileged accounts and passwords, and enforce policies such as rotation, expiration, and complexity.
2. There is a lot that goes into a secure configuration process such as: identification and recording of configurations that could impact the security of a system, consideration of security risks in approving the initial configuration, analysis of changes to an existing configuration, the need for documenting everything along the way and always monitoring for issues.
Specific things that could be implemented to make a configuration secure would include things like removing and disabling user accounts that are unnecessary, as they open the system up to intrusion. Changing default passwords, removing/disabling unnecessary software, etc.
Baselines are crucial in developing a secure configuration process because per NIST "is a baseline is a set of specifications for a system, or CI within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures". A baseline is a roadmap to follow to make sure nothing is missed. Every open door not closed could be provide an issue for hackers looking to gain access to a system.