There are a lot of questions on the exam that talk about how we deal with user accounts. Now, as you can imagine, user accounts are a big issue when it comes to security in general. But in this episode, I just want to enumerate a number of really important issues that you're going to see on the exam. So we need to take this a little bigger than, for example, "Well, I know I'm going to be setting up users and groups." You should already know things like the Microsoft best practices: users go into groups, and groups get rights and permissions.

But what I want to do is break this down and enumerate it a little more tightly, to tie into what you're going to see on the exam. So let's start off with number one: continuous monitoring. Your number one best buddy when it comes to user account issues is continuous access monitoring. You should be monitoring 24/7 what your users are getting into, to have an idea of what's going on within your infrastructure. That could be hundreds of different things across hundreds of different types of applications. But in general, and for the exam, remember: it's always good to track when people are logging in to or logging off of a particular resource, and also to keep very close track of file access.

In particular, if you have large database files, or a personnel file, something that's really important, and you want to know what people are doing with it, continuous monitoring of that file access can really help you if you run into trouble in the future. Okay, the next one I want to talk about is a big problem, and that's shared accounts. The bottom line is that shared accounts are a bad thing. If I see people using shared accounts, it usually just shows that they're being lazy about doing good security. Probably one of the worst examples, and everybody's guilty of this, is home networks.

When you're set up as a workgroup, and each individual system has the same user, and everybody just logs into whatever they want to log into, well, maybe for your house that's okay. But in an enterprise environment, that is utterly unacceptable. The bottom line is that continuous user access monitoring is going to be the tool that helps us watch out for that type of thing. About the only excuse I would ever see for shared accounts is when you have some odd resource, like an old printer, that can only have one account. And even that's pretty rare. So the bottom line is, don't do shared accounts.

So let's go to the opposite of that. Now, let's talk about multiple accounts. Shared accounts are a sign of being a bad security person; multiple accounts, on the other hand, sometimes just have to happen. So let's talk about those types of scenarios.

Number one, if you're going to be using multiple accounts, use different usernames and passwords. What we're talking about here is where you've got a Windows domain login with one username and password, and you use that same username and password to get into your email server or whatever it might be. That's a bad idea. If one person is going to have multiple accounts like this, always try to use different usernames and passwords. While we're at it, always use different groups. So, let's just stick with Windows.

Say you're logging into a domain and you have two or three different accounts for one reason or another. Make sure those accounts are in different groups when they log in. If they're all in the same group, or even if a few of them are in the same group, that's often a good sign that you're not doing good security. The third big issue is that in a lot of situations, we will give very high privileges to people who would ordinarily not have them. A great example: I've got this guy in my accounting department, and they print like crazy.

I mean, they're always printing. So I need somebody down in the accounting department who can clear the print queue or do whatever they need to do. His regular account doesn't have those permissions. So what I did is give him a special account that he can log in with and do whatever he needs to do with that local accounting printer. The important thing here is that if you give someone a second account with elevated privileges, make sure they understand that they log in with the elevated privileges only to do what they need to do, and then log off. So if he's got a problem on the printer, he logs off his regular account, logs in with his privileged account, does what he needs to do with the printer, and then gets off.

It's very easy for people to just stay on and do their normal work with an elevated-privilege account, and that's a big no-no. Okay. The fourth thing, and this is a big one: when you're in a scenario where you have a lot of multiple accounts, log everything. You really want to keep close track of multiple-account scenarios to make sure people are doing the right thing. Okay, so the last one I want to talk about is probably the biggest issue of all when it comes to user account issues, and that's default and generic usernames. Your networks are filled with generic and default usernames.

I mean, at the very top of it, you've always got your admin account or your supervisor account, or whatever it might be, for logging into a router or your domain controller. If you've got databases, a lot of them have DB admin as their default account to log in with. If you have these types of accounts, what you want to do is not use them. If you can disable them, great; if you can delete them, great. What you want to do instead is always use dedicated service accounts. That way you'll always know who's logging into what. If you have somebody who needs elevated privileges to do something crazy at the top of all your routers, and you create a "Mike's router" account or something like that, that makes it easy to log, easy to understand, and easy to track what people are doing.
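Here is an added example (not code from the course) showing what the points above look like when you actually review the logs: continuous tracking of logons, logoffs and sensitive file access; a shared-account check (one account logged on to two machines at the same time); a check that second, elevated accounts are only used for short sessions; and a check for logons with default or generic usernames. The log format, the host and user names, the `-adm` suffix as the naming convention for elevated accounts, and the watched share paths are all constructed for the example and are not real Windows event-log output.

```python
"""Review checks for the user-account issues above (added example, not course code).
Log format is constructed and simplified: ISO timestamp, event, user, host, optional file."""
from collections import defaultdict, namedtuple
from datetime import datetime

Event = namedtuple("Event", "ts event user host target")
Session = namedtuple("Session", "user host start end")  # end is None while still logged on

# Constructed sample log: "<timestamp> <LOGON|LOGOFF|FILE> <user> <host> [<file>]"
SAMPLE_LOG = r"""
2024-03-01T08:00:00 LOGON  alice     WS-101
2024-03-01T08:05:00 FILE   alice     WS-101 \\fs01\hr\personnel.xlsx
2024-03-01T08:10:00 LOGON  shared    WS-102
2024-03-01T08:12:00 LOGON  shared    WS-103
2024-03-01T09:00:00 LOGON  bob-adm   WS-104
2024-03-01T09:03:00 LOGOFF bob-adm   WS-104
2024-03-01T09:30:00 LOGON  carol-adm WS-105
2024-03-01T12:00:00 FILE   carol-adm WS-105 \\fs01\finance\ledger.db
2024-03-01T13:45:00 LOGOFF carol-adm WS-105
2024-03-01T14:00:00 LOGON  admin     RTR-01
2024-03-01T16:00:00 LOGOFF alice     WS-101
"""

# Well-known default/generic account names: disable them rather than log in with them.
DEFAULT_NAMES = {"admin", "administrator", "root", "supervisor", "dbadmin", "sa", "guest"}

def parse_log(text):
    """Turn the log text into Event tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(maxsplit=4)
        target = parts[4] if len(parts) > 4 else None
        events.append(Event(datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3], target))
    return sorted(events, key=lambda e: e.ts)

def build_sessions(events):
    """Pair each LOGON with the next LOGOFF for the same user on the same host."""
    open_sessions, sessions = {}, []
    for e in events:
        key = (e.user, e.host)
        if e.event == "LOGON":
            open_sessions[key] = e.ts
        elif e.event == "LOGOFF" and key in open_sessions:
            sessions.append(Session(e.user, e.host, open_sessions.pop(key), e.ts))
    # Anything still open at the end of the log has no logoff yet.
    for (user, host), start in open_sessions.items():
        sessions.append(Session(user, host, start, None))
    return sessions

def _overlaps(a, b):
    a_end, b_end = a.end or datetime.max, b.end or datetime.max
    return a.start < b_end and b.start < a_end

def concurrent_logons(sessions):
    """One account logged on to two hosts at once: the classic shared-account tell."""
    by_user, flagged = defaultdict(list), defaultdict(set)
    for s in sessions:
        by_user[s.user].append(s)
    for user, sess in by_user.items():
        for i, a in enumerate(sess):
            for b in sess[i + 1:]:
                if a.host != b.host and _overlaps(a, b):
                    flagged[user].update({a.host, b.host})
    return dict(flagged)

def long_privileged_sessions(sessions, max_minutes=30, priv_suffix="-adm"):
    """Completed sessions of elevated accounts (assumed '-adm' naming) longer than max_minutes."""
    flagged = []
    for s in sessions:
        if s.user.endswith(priv_suffix) and s.end is not None:
            minutes = int((s.end - s.start).total_seconds() // 60)
            if minutes > max_minutes:
                flagged.append((s.user, s.host, minutes))
    return flagged

def default_account_logons(events, default_names=DEFAULT_NAMES):
    """Logons with a default or generic username, which say nothing about who was really there."""
    return [(e.ts, e.user, e.host) for e in events
            if e.event == "LOGON" and e.user.lower() in default_names]

def file_access_report(events, watched_prefixes):
    """Who touched the watched shares (personnel files, database files) and when."""
    report = defaultdict(list)
    for e in events:
        if e.event == "FILE" and e.target and any(
                e.target.lower().startswith(p.lower()) for p in watched_prefixes):
            report[e.user].append((e.ts, e.target))
    return dict(report)

def review(log_text, watched=(r"\\fs01\hr", r"\\fs01\finance")):
    """Run all four checks over one log and collect the findings."""
    events = parse_log(log_text)
    sessions = build_sessions(events)
    return {"shared_account_suspects": concurrent_logons(sessions),
            "long_privileged_sessions": long_privileged_sessions(sessions),
            "default_account_logons": default_account_logons(events),
            "sensitive_file_access": file_access_report(events, watched)}
```

Running `review(SAMPLE_LOG)` flags `shared` (on WS-102 and WS-103 at the same time), `carol-adm` (an elevated account left logged on for 255 minutes, while `bob-adm` logged off after three minutes and is not flagged), the `admin` logon on the router, and the two accesses to the HR and finance shares. The open sessions with no logoff are kept as still-open so the shared-account check still catches them.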

So we've gone through a number of very specific user account issues. You're going to be seeing all of these on the exam. Take a minute and memorize them all.

