WOW! ft. Bryon Singh, RailWorks Corporation

WOW! ft. Bryon Singh, RailWorks Corporation

By Steve Gold
Posted in Security
On August 16, 2023

If you ever played the massively multiplayer online role-playing game (MMORPG) World of Warcraft, you entered a fantastical world where you create a character, embark on quests, and explore vast virtual landscapes.

In the early days of "World of Warcraft," the default account for players was the "Guest" account. The account had limited capabilities and was mainly meant for players who were trying out the game before subscribing to a full account. Not surprisingly, some players discovered that the "Guest" account had certain vulnerabilities, allowing them to exploit the system and gain unintended advantages.

To address this issue and ensure fair gameplay, the game developers, Blizzard Entertainment, took action to manage default accounts effectively. They disabled the "Guest" account feature and replaced it with a proper subscription system. By doing so, they eliminated the risk of exploitation and provided a level playing field for all players.

In the dynamic landscape of today's digital era, securing enterprise assets and software is a top priority to safeguard sensitive information and maintain uninterrupted business operations. CIS Safeguard 4.7 emphasizes the critical significance of managing default accounts on these crucial assets. Default accounts, such as root, administrator, and pre-configured vendor accounts, are often present in enterprise assets and software. Typically established during initial setup, these accounts serve administrative purposes. However, leaving them unchanged poses significant security risks.

Benefits of Managing Default Accounts:

Efficiently managing default accounts offers several key advantages. Foremost, it reduces the attack surface for potential cyberthreats. By deactivating or securing default accounts, organizations close potential entry points for unauthorized individuals aiming to compromise sensitive data or disrupt business operations.

Implementing Best Practices:

CIS Safeguard 4.7 provides clear guidance on managing default accounts to enhance security. One approach is to disable or render these default accounts unusable after the initial setup is complete. This proactive measure ensures that these accounts cannot be exploited by malicious actors seeking unauthorized access. A common recommendation is to change passwords every 60 to 90 days. This practice helps mitigate the risk of password-based attacks, such as brute force or credential stuffing.

Additionally, organizations should create strong, unique passwords that are not easily guessable. Implementing multi-factor authentication (MFA) alongside regular password changes further enhances security by requiring an additional layer of verification beyond the password.

Here’s a link to a Secure Configuration Management Policy Template provided free of charge from the fine folks at the Center for Internet Security:

Here are some details on this specific Control/Safeguard. If you want more detail, DM me.

CIS Control 4 – Secure Configuration of Enterprise Assets & Software

Establish and maintain the secure configuration of enterprise assets (end-user devices, including portable and mobile; network devices; non-computing/IoT devices; and servers) and software

(operating systems and applications).

Implementation Group 1

CIS Safeguard 4.7 - Manage Default Accounts on Enterprise Assets and Software

Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.

Steve Gold

Steve Gold

Steve Gold is the Cybersecurity Practice Director at Gotham Technology Group (Gotham). He is responsible for providing the vision and thought leadership to expand Gotham’s legacy of success and build a world-class cybersecurity practice. He works closely with Gotham’s customers, industry partners, and subject matter experts to develop relevant solutions for Gotham’s clients and prospects.

Prior to joining Gotham, Steve worked with the Center for Internet Security (CIS), where he expanded the global reach, revenue, and impact of the CIS Benchmarks, CIS Controls, and CIS Hardened Images. He led the efforts to promote the CIS portfolio of low-cost and no-cost cybersecurity products and services that help private and public organizations stay secure in the connected world. He grew a team of security specialists from 12 to over 40 to assist organizations with implementing security best practices in their continual journey of cybersecurity maturity.

During his more than 20-year career, Steve led teams responsible for developing and implementing technology solutions at some of the industry’s most recognized companies such as Varonis, VMware, Dell & Wyse Technology

Steve is a frequent speaker/moderator at industry conferences and webinars, covering a wide array of information security topics. He resides and works remotely in Baltimore, MD.