The security vulnerability of services originates with how the organizations have deployed them in their environment. Services, like user accounts, require a mean of authentication to use the system or network resources. This document should help administrators reducing the effect of a compromised service on a local host. Services which run with local admin or domain admin privilege should be consider as highest mitigation risk associated with them, hence there must be a proper mechanism in place to monitor the activities associated with these service accounts.
Start with step1 and move down to the level where your service run without any issue.
Step 1: Configure the service to run as LocalService
If test is passed, configure the service to use this account. If it fails, go to step 2.
Step 2: Configure the service to run as NetworkService
If test is passed, configure the service to use this account. If it fails, go to step 3.
Step 3: Configure the service to run as Local User
Grant “log on as service” user right
If test is passed, configure the service to use this account. If it fails, go to step 4.
Step 4: Configure the service to run as LocalSystem
Trust host as high security server
If test is passed, configure the service to use this account. If it fails, go to step 5.
Step 5: Configure the service to run as Domain User
Trust host as high security server
If test is passed, configure the service to use this account. If it fails, go to step 6.
Step 6: Configure the service to run as Local Admin
Trust host as high security server
If test is passed, configure the service to use this account. If it fails, please check with vendor fix. If it still fails, go to step 7.
Step 7: Configure the service to run as Domain Admins
Trust host as high security server
If test is passed, configure the service to use this account. If it fails, check for the vendor fix.
No comments:
Post a Comment