It’s An Older Code Sir, But It Checks Out ft. Bryon Singh, RailWorks Corporation

By Steve Gold
Posted in Security
On September 19, 2023

If you’re a geek like me, you remember the above line from Star Wars Episode VI: Return of the Jedi where a strike team posing as an engineering crew gives a stolen (dormant) authorization code as they attempt to pass through a security checkpoint.

The successful use of that dormant code allowed the rebels to take down the force field, fly inside the superstructure, knock out its main reactor, and destroy the Death Star.

Dormant accounts are those virtual identities that lie idle, untouched, and unused for an extended period of time. They can range from email accounts and social media profiles to online banking portals and business platforms. Oftentimes, users create these accounts for temporary purposes or simply forget about them, leaving them susceptible to unauthorized access, data breaches, and potential misuse.

While the initial creation of dormant accounts might serve legitimate intentions, their abandonment can lead to unintended consequences. Cybercriminals often target such accounts, taking advantage of the prolonged inactivity and potential security vulnerabilities to gain unauthorized access, propagate spam, or even launch sophisticated cyberattacks. Organizations can also suffer from potential reputational damage if these dormant accounts are manipulated to distribute false information or engage in malicious activities.

If dormant accounts remain active, they could pose a significant risk in the event of a future data breach. These are typically accounts that once belonged to former employees or were set up for temporary projects. They may not have recent activity, but they often retain their access permissions, making them potential targets for misuse. To mitigate this, consider setting automatic expiration dates for accounts, provided the system allows for such configurations.

Strategies for Managing Dormant Accounts
  1. Routine Checks: Periodically scan for accounts untouched for set intervals, such as 30, 60, or 90 days.
  2. Leverage Automation: Deploy system tools or specialized software to spot and highlight inactive accounts based on set criteria.
  3. Integrate with HR Protocols: Align with HR processes to modify or deactivate accounts of employees who exit or transition to different roles.
  4. Implement Expiration Protocols: For accounts of a temporary nature, like those of freelancers or specific projects, designate a predetermined expiry date upon creation.
  5. Maintain Detailed Records: Uphold comprehensive records of all account-related actions, particularly when deactivating or removing accounts. This ensures traceability and responsibility.
  6. Periodic Access Reviews: Actively monitor and recalibrate access permissions for all accounts, adhering to the principle of granting the minimum required access.

Proactively addressing dormant accounts isn't just about organization; it's a cornerstone of effective cybersecurity.

Here’s a link to an Account and Credential Management Policy Template provided free of charge by the fine folks at the Center for Internet Security: https://www.cisecurity.org/insights/white-papers/account-and-credential-management-policy-template-for-cis-controls-5-and-6

Here are some details on this specific Control/Safeguard. If you want more detail, DM me.

CIS Control 5 – Account Management

Use processes and tools to assign and manage authorization to credentials for user accounts, including administrator accounts, as well as service accounts, to enterprise assets and software.

Implementation Group 1

CIS Safeguard 5.3 - Disable Dormant Accounts

Delete or disable any dormant accounts after a period of 45 days of inactivity, where supported.
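As an added illustration (not part of the original post and not CIS tooling), the routine check and expiration strategies above can be automated with a short script that applies the 45-day threshold from Safeguard 5.3 to an account inventory. The CSV columns, the account names, and the `find_dormant` function are assumptions made for this example; a real export from a directory or identity provider would be mapped into this shape.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample inventory (not real data); column names are assumptions.
SAMPLE_CSV = """username,enabled,created,last_login,expires
alice,true,2021-03-01,2023-09-10,
bob,true,2020-06-15,2023-06-01,
contractor1,true,2023-05-01,2023-08-30,2023-08-31
svc-backup,true,2019-01-10,,
newhire,true,2023-09-12,,
carol,false,2018-02-02,2022-11-20,
"""

def parse_date(value):
    """Return an aware UTC datetime, or None for an empty field."""
    if not value:
        return None
    return datetime.strptime(value, "%Y-%m-%d").replace(tzinfo=timezone.utc)

def find_dormant(csv_text, now, max_idle_days=45):
    """Return {username: reason} for enabled accounts that need review."""
    limit = timedelta(days=max_idle_days)
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["enabled"].lower() != "true":
            continue  # already disabled, nothing left to do
        expires = parse_date(row["expires"])
        last_login = parse_date(row["last_login"])
        # A never-used account is measured from its creation date, so a
        # stale unused account is caught but a brand-new hire is not.
        last_activity = last_login or parse_date(row["created"])
        if expires and expires < now:
            findings[row["username"]] = "expired"
        elif now - last_activity > limit:
            kind = "idle" if last_login else "never used"
            findings[row["username"]] = f"{kind} {(now - last_activity).days}d"
    return findings

if __name__ == "__main__":
    # Fixed "as of" date (the post date) so the run is repeatable.
    as_of = datetime(2023, 9, 19, tzinfo=timezone.utc)
    for user, reason in sorted(find_dormant(SAMPLE_CSV, as_of).items()):
        print(f"{user}: {reason}")  # record this output for the audit trail
```

The output is a review list rather than an automatic disable action, which leaves room for the record-keeping and HR alignment steps before an account is actually turned off.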

Steve Gold

Steve Gold is the Cybersecurity Practice Director at Gotham Technology Group (Gotham). He is responsible for providing the vision and thought leadership to expand Gotham’s legacy of success and build a world-class cybersecurity practice. He works closely with Gotham’s customers, industry partners, and subject matter experts to develop relevant solutions for Gotham’s clients and prospects.

Prior to joining Gotham, Steve worked with the Center for Internet Security (CIS), where he expanded the global reach, revenue, and impact of the CIS Benchmarks, CIS Controls, and CIS Hardened Images. He led the efforts to promote the CIS portfolio of low-cost and no-cost cybersecurity products and services that help private and public organizations stay secure in the connected world. He grew a team of security specialists from 12 to over 40 to assist organizations with implementing security best practices in their continual journey of cybersecurity maturity.

During his more than 20-year career, Steve led teams responsible for developing and implementing technology solutions at some of the industry’s most recognized companies such as Varonis, VMware, Dell & Wyse Technology.

Steve is a frequent speaker/moderator at industry conferences and webinars, covering a wide array of information security topics. He resides and works remotely in Baltimore, MD.