Information
Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to simply create a new account. Notification of account creation is one method for mitigating this risk. A comprehensive account management process will ensure an audit trail that documents the creation of accounts and notifies administrators and the ISSO. Such a process greatly reduces the risk that accounts will be surreptitiously created and provides logging that can be used for forensic purposes.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Configure the BIG-IP appliance to use a properly configured authentication server to send a notification message to the administrators and ISSO when accounts are created.