Prerequisites
If a new service account is to be created, please raise a request with [email protected] and include the following information. If this information is not supplied, the request will not be considered valid.
- The name of the account, which will include the suffix svc_
- A short description of the purpose of this account (for AD field)
- A detailed description of the purpose of the account, and what its functions are
- Is there documentation, stored in an approved repository, on how this service account is intended to be used?
- What applications the service account will be used in conjunction with
- Specify owner of account
- Approval from manager.
BeyondTrust Prerequisites
Not all service accounts will need to be specifically onboarded into BeyondTrust, but if they are, please specify the following.
- Is it only a local account, or does it require access outside of the Maddocks network (DMZ)?
- What resources does the service account require access to?
- What team/users should be able to use this service account?
Account Creation
Once the request is received and all supplied information is valid, the infosec team will
- Create an account with least privilege in the Services OU
- Create the account with a password of 24 random characters
- Store the password in an approved repository and advise the owner of the svc account where it is stored, or onboard the account into BeyondTrust
- Ensure the account is in a functional state to specified requirements.
Security BAU
Please note that these accounts are a security risk and, due to the nature of these operations, the security team will
- Disable svc_ accounts as required
- Seek approval from stakeholders and stakeholder managers prior to any changes
- Change passwords for these accounts as required
- Set alerting for whenever these accounts are changed
- Subject the account to audits
- Request the account is disbanded and replaced