3.2 - Default Accounts - Admin user has been renamed - create new admin

Information

Orphaned accounts are unnecessary or unused accounts that remain in the user account repository, and they are a common path to compromise, including escalation of privileges. Most of them are default accounts that were never used or whose passwords were never changed. To address this issue, ONTAP supports removing and renaming accounts, including the default admin account.

Solution

To completely remove the default admin account, first create another admin-role account that has at least the console login application, so that an administrator can still reach the cluster if every network login method fails.

After the new account (NewAdmin in this example) is created, log in with it to verify access. Then, while logged in as NewAdmin, give the account the same login applications as the default admin account (for example, http, ontapi, service-processor, and ssh). This step confirms that access control is maintained before anything is taken away from the default account.

After all functions have been tested, disable (lock) the admin account for all applications before removing it from ONTAP. A locked account that is never missed is the final confirmation that no remaining process, script, or integration still depends on the default admin credentials.
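The check below, as an added example that is not NetApp's or Tenable's own code, evaluates the state of this procedure offline from the output of the ONTAP `security login show` command: it confirms that an admin-role account other than the default has console access, lists any login applications the default admin still has that the replacement lacks, and distinguishes an unlocked default admin (fail) from a locked one awaiting deletion (pending) and a removed one (pass). The cluster SVM name cluster1, the account name NewAdmin, and the sample table are constructed for the example; the ONTAP 9 clustershell commands quoted in the comments should be verified against the command reference for your release.

```python
"""Offline audit of ONTAP `security login show` output for the default admin
replacement procedure.  Added example, not NetApp/Tenable code; the sample
tables below are constructed to resemble the ONTAP 9 clustershell output."""
from __future__ import annotations

from dataclasses import dataclass, field

DEFAULT_ADMIN = "admin"

# ONTAP 9 clustershell commands for the procedure (cluster SVM 'cluster1'
# and account 'NewAdmin' are assumptions; repeat 'create' per application):
#   security login create -vserver cluster1 -user-or-group-name NewAdmin
#       -application console -authentication-method password -role admin
#   security login lock -vserver cluster1 -user-or-group-name admin
#   security login delete -vserver cluster1 -user-or-group-name admin
#       -application console -authentication-method password
#   security login show -vserver cluster1


@dataclass(frozen=True)
class LoginEntry:
    user: str
    application: str
    method: str
    role: str
    locked: bool


def parse_security_login_show(text: str) -> list[LoginEntry]:
    """Keep only the six-column data rows; skip the Vserver line, the
    multi-line column headers, the dashed separator and the row count."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[0].startswith("-") or parts[4] not in ("yes", "no"):
            continue
        user, app, method, role, locked, _second_method = parts
        rows.append(LoginEntry(user, app, method, role, locked == "yes"))
    return rows


@dataclass
class AuditResult:
    status: str                 # "PASS", "PENDING_REMOVAL" or "FAIL"
    replacements: list[str]     # admin-role accounts with console access
    findings: list[str] = field(default_factory=list)


def audit(entries: list[LoginEntry], default_admin: str = DEFAULT_ADMIN) -> AuditResult:
    by_user: dict[str, list[LoginEntry]] = {}
    for e in entries:
        by_user.setdefault(e.user, []).append(e)
    default_entries = by_user.get(default_admin, [])
    default_apps = {e.application for e in default_entries}
    # Step 1: a non-default account with role 'admin' and the console application.
    replacements = sorted(
        u for u, es in by_user.items()
        if u != default_admin
        and any(e.role == "admin" and e.application == "console" for e in es)
    )
    findings: list[str] = []
    if not replacements:
        findings.append("no admin-role account other than the default has console access")
    # Step 2: the replacement must cover every application the default still has.
    for u in replacements:
        missing = default_apps - {e.application for e in by_user[u]}
        if missing:
            findings.append(f"{u} lacks applications still granted to {default_admin}: "
                            + ", ".join(sorted(missing)))
    # Step 3: the default account should be locked first, then deleted.
    only_locked_default = False
    if default_entries:
        if all(e.locked for e in default_entries):
            only_locked_default = not findings
            findings.append(f"{default_admin} still exists but is locked; delete it once nothing depends on it")
        else:
            findings.append(f"{default_admin} still exists and is unlocked")
    status = "PASS" if not findings else ("PENDING_REMOVAL" if only_locked_default else "FAIL")
    return AuditResult(status, replacements, findings)


# Constructed sample output (not captured from a real system).
_HEADER = """Vserver: cluster1
                                                                 Second
User/Group                 Authentication                 Acct   Authentication
Name           Application Method        Role Name        Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
"""
ALL_APPS = ("console", "http", "ontapi", "service-processor", "ssh")


def _rows(user: str, apps: tuple[str, ...], locked: str = "no") -> str:
    return "".join(f"{user:<14} {a:<11} password      admin            {locked:<6} none\n" for a in apps)


SAMPLE_INCOMPLETE = _HEADER + _rows("admin", ALL_APPS) + _rows("NewAdmin", ("console", "ssh"))
SAMPLE_LOCKED = _HEADER + _rows("admin", ALL_APPS, "yes") + _rows("NewAdmin", ALL_APPS)
SAMPLE_REMOVED = _HEADER + _rows("NewAdmin", ALL_APPS)

if __name__ == "__main__":
    for name, sample in (("incomplete", SAMPLE_INCOMPLETE), ("locked", SAMPLE_LOCKED), ("removed", SAMPLE_REMOVED)):
        result = audit(parse_security_login_show(sample))
        print(name, result.status, result.findings)
```

Run it against the saved output of `security login show` on the cluster SVM; the three constructed samples walk through the states the procedure passes through (replacement account created but incomplete, default admin locked, default admin removed).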

See Also

https://www.netapp.com/us/media/tr-4569.pdf

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2

Plugin: Netapp_API

Control ID: d24ab1b109e7d0a93790f23d3930950b704a7e0b79fa725ba1971dc851eb36bf