A service account or application account is a digital identity used by application software or a service to interact with other applications or the operating system. Service accounts are often used for machine-to-machine (M2M) communication, for example by application programming interfaces (APIs). A service account may be a privileged identity within the context of the application.
Updating passwords
Local service accounts can interact with various components of the operating system, which makes coordinating a password change across all of those components difficult.
In practice this causes passwords for service accounts to be changed rarely, which poses a considerable security risk for an organization.
Some types of service accounts, such as Google Cloud service accounts, do not have a password at all.
[Best practices for working with service accounts, IAM Documentation, Google Cloud, https://cloud.google.com/iam/docs/best-practices-service-accounts, accessed 2023-01-05]
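The coordination problem above is usually solved by rotating with an overlap window: the authenticator accepts both the new and the previous password for a grace period, so a component that still holds the old value keeps working until it refreshes, and a component that never refreshes is locked out once the window closes. The following is an added example written for this article, not code from any vendor's API; the credential store, the component names and the sample passwords are all illustrative, and a fake clock stands in for wall-clock time so the window can be exercised offline.

```python
"""Rotation of a shared service-account password with an overlap window.

Added example (not from the article or any vendor's API): an in-memory
model of a credential store that accepts both the new and the previous
password for a grace period. All names and sample values are constructed.
"""
import hashlib
import hmac
import os
import secrets


def _derive(password: str, salt: bytes) -> bytes:
    # PBKDF2 so the store keeps only a hash, never the cleartext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class FakeClock:
    """Deterministic clock so the overlap window can be tested offline."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class ServiceAccountCredentialStore:
    """Holds the current password hash and, during rotation, the previous one."""

    def __init__(self, initial_password: str, overlap_seconds: float, clock) -> None:
        self._clock = clock
        self._overlap = overlap_seconds
        self._current = self._hash(initial_password)
        self._previous = None            # (salt, digest) of the retired password
        self._previous_valid_until = 0.0
        self.version = 1

    @staticmethod
    def _hash(password: str):
        salt = os.urandom(16)
        return salt, _derive(password, salt)

    def rotate(self) -> str:
        """Install a fresh random password; keep the old one valid for the window."""
        new_password = secrets.token_urlsafe(32)
        self._previous = self._current
        self._previous_valid_until = self._clock() + self._overlap
        self._current = self._hash(new_password)
        self.version += 1
        return new_password

    def verify(self, presented: str) -> bool:
        salt, digest = self._current
        if hmac.compare_digest(_derive(presented, salt), digest):
            return True
        if self._previous and self._clock() < self._previous_valid_until:
            salt, digest = self._previous
            return hmac.compare_digest(_derive(presented, salt), digest)
        return False  # the old password is rejected once the window has closed


class Component:
    """A consumer (batch job, API gateway, ...) caching the password it was given."""

    def __init__(self, name: str, password: str) -> None:
        self.name = name
        self.cached_password = password

    def refresh(self, password: str) -> None:
        self.cached_password = password


def simulate_rotation(overlap_seconds: float, laggard_refresh_delay: float) -> dict:
    """Rotate a password shared by two components; one refreshes at once, one late.

    Returns whether each component authenticates right after rotation, whether the
    late one still does when it finally tries, and whether it works after refreshing.
    """
    clock = FakeClock()
    initial = "initial-service-password"       # constructed sample value
    store = ServiceAccountCredentialStore(initial, overlap_seconds, clock)
    prompt = Component("api-gateway", initial)
    laggard = Component("nightly-batch", initial)

    new_password = store.rotate()
    prompt.refresh(new_password)               # picks up the new value immediately
    just_after = {c.name: store.verify(c.cached_password) for c in (prompt, laggard)}

    clock.advance(laggard_refresh_delay)
    before_refresh = store.verify(laggard.cached_password)
    laggard.refresh(new_password)
    after_refresh = store.verify(laggard.cached_password)
    return {
        "just_after_rotation": just_after,
        "laggard_before_refresh": before_refresh,
        "laggard_after_refresh": after_refresh,
        "version": store.version,
    }


if __name__ == "__main__":
    print(simulate_rotation(overlap_seconds=3600, laggard_refresh_delay=600))
    print(simulate_rotation(overlap_seconds=3600, laggard_refresh_delay=7200))
```

The overlap window is what makes the rotation safe to schedule: it should be longer than the slowest consumer's refresh interval, and the retired password should be rejected afterwards rather than kept indefinitely, otherwise the rotation changes nothing.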
Wide access
Service accounts are often used by applications for access to databases, for running batch jobs or scripts, or for accessing other applications. Such privileged identities often have extensive access to an organization's underlying data stores residing in applications or databases.
Passwords for such accounts are often generated and saved in plain-text files, a vulnerability that may be replicated across several servers to provide fault tolerance for applications. This poses a significant risk for an organization, since the application often hosts the type of data that is of interest to advanced persistent threats.
Service accounts are non-personal digital identities and can be shared.
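A practitioner's first check for the plain-text-file problem described above is to scan the fleet for credential assignments in configuration files, flag files readable by other users, and correlate the same secret appearing on several servers, which is the replication the text refers to. The scanner below is an added example written for this article, not the article's own code; the key patterns, the indirect-value patterns and the three sample server trees it builds in a temporary directory are constructed for the demonstration.

```python
"""Find service-account passwords stored in plain-text config files.

Added example, not from the article: scans one directory tree per server
for lines that assign a literal credential, records whether the file is
readable by other users, and reports secrets shared by several servers.
Patterns and the sample fleet are constructed for this demo.
"""
import hashlib
import os
import re
import stat
import tempfile
from pathlib import Path

# Keys that typically carry a credential in .conf/.env/.ini style files (assumed list).
CREDENTIAL_KEY = re.compile(
    r"^\s*(?:[\w.\-]*(?:password|passwd|pwd|secret|api[_-]?key))\s*[=:]\s*(.+?)\s*$",
    re.IGNORECASE,
)
# Values that reference a secret held elsewhere (env var, vault) rather than embed it.
INDIRECT_VALUE = re.compile(r"^(\$\{?\w+\}?|<[^>]+>|vault:|secretmanager:|op://)", re.IGNORECASE)


def fingerprint(secret: str) -> str:
    """Short digest so the same secret can be correlated without printing it."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]


def scan_file(path: Path) -> list:
    findings = []
    mode = path.stat().st_mode
    readable_by_others = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    with path.open(errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            m = CREDENTIAL_KEY.match(line)
            if not m:
                continue
            value = m.group(1).strip("\"'")
            if not value or INDIRECT_VALUE.match(value):
                continue  # a reference to a secret store, not a literal password
            findings.append({
                "file": str(path),
                "line": lineno,
                "fingerprint": fingerprint(value),
                "readable_by_others": readable_by_others,
            })
    return findings


def scan_servers(roots: dict) -> tuple:
    """roots maps server name to its directory. Returns (findings, replicated).

    replicated maps a secret fingerprint to the sorted servers it was found on,
    for secrets that appear on more than one server.
    """
    findings = []
    hosts_by_fp = {}
    for server, root in roots.items():
        for path in Path(root).rglob("*"):
            if path.is_file():
                for f in scan_file(path):
                    f["server"] = server
                    findings.append(f)
                    hosts_by_fp.setdefault(f["fingerprint"], set()).add(server)
    replicated = {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1}
    return findings, replicated


def build_sample_fleet() -> dict:
    """Constructed sample: two servers share a literal password, a third uses an env var."""
    base = Path(tempfile.mkdtemp(prefix="svc-scan-"))
    roots = {}
    for server, value in (("app01", "hunter2"), ("app02", "hunter2"), ("app03", "${DB_PASSWORD}")):
        d = base / server / "etc" / "app"
        d.mkdir(parents=True)
        conf = d / "app.conf"
        conf.write_text(f"db.user = svc_app\ndb.password = {value}\nlog.level = info\n")
        os.chmod(conf, 0o600 if server == "app03" else 0o644)
        roots[server] = base / server
    return roots


if __name__ == "__main__":
    found, shared = scan_servers(build_sample_fleet())
    for f in found:
        print(f)
    print("replicated across servers:", shared)
```

The fingerprint is deliberately a truncated hash: the scanner's own report must not become another plain-text copy of the password.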
Misuse
Google Cloud lists several possibilities for misuse of service accounts:
* Privilege escalation: someone impersonates the service account to gain its permissions
* Spoofing: someone impersonates the service account to hide their own identity
* Non-repudiation: someone performs actions with a service account in cases where it is not possible to trace the actions back to the abuser
* Information disclosure: unauthorized persons extract information about infrastructure, applications or processes
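Three of the four misuse cases above (privilege escalation, spoofing and non-repudiation) show up in audit logs as a service account acting on behalf of someone else, calling a permission-changing method, or calling from somewhere it is not expected to. The detection below is an added example written for this article, not code from Google's documentation: the log entries are constructed and simplified, loosely following the shape of Cloud Audit Log entries (protoPayload.authenticationInfo, methodName, requestMetadata), and the watchlist of sensitive methods and the expected network range are assumed operator policy rather than anything the article states.

```python
"""Detect misuse of a service account in audit log entries.

Added example, not from the article or Google's documentation. Entries are
constructed and simplified; SENSITIVE_METHODS and EXPECTED_NETWORKS are an
assumed operator policy for the demo.
"""
import ipaddress

SERVICE_ACCOUNT_SUFFIX = ".iam.gserviceaccount.com"
SENSITIVE_METHODS = {"GenerateAccessToken", "SetIamPolicy"}   # assumed watchlist
EXPECTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]      # assumed allowlist


def is_service_account(principal: str) -> bool:
    return principal.endswith(SERVICE_ACCOUNT_SUFFIX)


def analyse_entry(entry: dict) -> list:
    payload = entry["protoPayload"]
    auth = payload.get("authenticationInfo", {})
    actor = auth.get("principalEmail", "")
    if not is_service_account(actor):
        return []  # a human principal is attributable as it stands
    method = payload.get("methodName", "")
    caller_ip = payload.get("requestMetadata", {}).get("callerIp")
    alerts = []

    # Delegation chain: which principal obtained the service account's identity.
    # Recording it answers the non-repudiation question ("who did this?") and
    # surfaces impersonation used for escalation or to hide a user's identity.
    chain = [
        d["firstPartyPrincipal"]["principalEmail"]
        for d in auth.get("serviceAccountDelegationInfo", [])
        if "firstPartyPrincipal" in d
    ]
    for user in (p for p in chain if not is_service_account(p)):
        alerts.append({"kind": "impersonated_by_user", "actor": actor, "user": user})

    # Permission- or credential-changing calls are where escalation happens.
    if method.rsplit(".", 1)[-1] in SENSITIVE_METHODS:
        alerts.append({"kind": "sensitive_method", "actor": actor, "method": method})

    # A service account bound to a workload should call from that workload's network.
    if caller_ip and not any(ipaddress.ip_address(caller_ip) in n for n in EXPECTED_NETWORKS):
        alerts.append({"kind": "unexpected_caller_ip", "actor": actor, "ip": caller_ip})
    return alerts


def run_detection(entries: list) -> list:
    return [alert for entry in entries for alert in analyse_entry(entry)]


# Constructed sample entries (simplified; not real log data).
SAMPLE_ENTRIES = [
    {   # routine use from inside the expected network: no alert
        "protoPayload": {
            "methodName": "storage.objects.get",
            "authenticationInfo": {
                "principalEmail": "deploy-bot@example-project.iam.gserviceaccount.com"
            },
            "requestMetadata": {"callerIp": "10.20.30.40"},
        }
    },
    {   # a user impersonated the service account and changed an IAM policy from outside
        "protoPayload": {
            "methodName": "SetIamPolicy",
            "authenticationInfo": {
                "principalEmail": "deploy-bot@example-project.iam.gserviceaccount.com",
                "serviceAccountDelegationInfo": [
                    {"firstPartyPrincipal": {"principalEmail": "alice@example.com"}}
                ],
            },
            "requestMetadata": {"callerIp": "203.0.113.7"},
        }
    },
    {   # the same user acting directly is attributable; out of scope for this rule
        "protoPayload": {
            "methodName": "SetIamPolicy",
            "authenticationInfo": {"principalEmail": "alice@example.com"},
            "requestMetadata": {"callerIp": "203.0.113.7"},
        }
    },
]

if __name__ == "__main__":
    for alert in run_detection(SAMPLE_ENTRIES):
        print(alert)
```

The second entry trips all three rules at once, which is the typical shape of an escalation: a user mints the service account's identity, uses it for a permission change, and does so from a host the account never normally uses. Each rule is also useful alone; the impersonation rule in particular should be kept as an enrichment even where impersonation is legitimate, because it is what preserves attribution.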
See also
* Kerberos service account, a service account in the Kerberos (protocol)
* Administered service account, a service account within managed services
* Privileged identity management
* Robotic process automation