COMPTIA Security+ Tutorial: Module 05, Part 03 – IMPLEMENTING SECURITY CONTROLS WHEN PERFORMING ACCOUNT MANAGEMENT

Users may legitimately hold multiple accounts for their multiple roles. To keep that manageable, each individual doing the same kind of work must still have their own account rather than a shared one, and must log in with their own credentials.

Separate accounts leave no room for ambiguity in accountability: every action can be traced to one person, which also makes auditing easier. A user who holds more than one role in the organisation may request a separate account for each purpose. An administrator, for example, logs in with their own credentials; if that administrator instead accesses the system using someone else's details, that is treated as a malicious act, and the administrator is held responsible for any resulting leakage of information.

It is essential that two accounts never share the same password, even when both belong to the same individual.


Account policy should be enforced across the board. If the policy requires passwords, it should also require complexity: users must log on with passwords built from a mix of upper-case letters, lower-case letters, digits and symbols, which are far harder for a malicious user to crack. That complexity requirement should be enforced for every account, not left to individual users.

User passwords should expire after roughly 30 or 60 days of use, which limits how long a password that has leaked without anyone noticing remains useful and keeps it known only to its owner. (Current NIST SP 800-63B guidance drops routine expiry in favour of changing passwords on evidence of compromise, but periodic expiry is still what the Security+ material describes.) Because users forget passwords, provide a self-service link from which they can set or reset them.

It is bad practice for a system administrator to be able to look at a user's password, so the option to store passwords using reversible encryption should be disabled: passwords should be kept only as one-way hashes. Passwords should be at least 8 characters long, and accounts that are no longer needed should be disabled so they cannot be abused.
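The password rules above (complexity, an 8-character minimum, expiry after 60 days, no reuse between a person's two accounts, and no reversible storage) as one runnable policy check. This is an added example, not code from the original tutorial or from any particular operating system; the PBKDF2 work factor, the shape of the `accounts` dictionary and the sample accounts are assumptions made for the demonstration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta, timezone

MIN_LENGTH = 8           # minimum length stated in the policy above
MAX_AGE_DAYS = 60        # upper end of the 30-60 day expiry window above
PBKDF2_ROUNDS = 210_000  # assumed work factor; raise it for production hardware


def check_complexity(password: str) -> list[str]:
    """Return the complexity rules the password violates; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    return problems


def store_password(password: str, set_on: datetime | None = None) -> dict:
    """Keep a per-user random salt plus a one-way PBKDF2 hash. This is the
    equivalent of leaving 'store passwords using reversible encryption'
    disabled: nothing here lets an administrator read the password back."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest, "set_on": set_on or datetime.now(timezone.utc)}


def verify_password(record: dict, candidate: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, record["hash"])


def is_expired(record: dict, now: datetime) -> bool:
    """True once the password has been in use for MAX_AGE_DAYS or longer."""
    return now - record["set_on"] >= timedelta(days=MAX_AGE_DAYS)


def set_password(accounts: dict, owner: str, account: str, new_password: str, now: datetime) -> str:
    """Apply the policy when a person sets a password on one of their accounts.
    `accounts` maps account name -> {"owner": person, "record": stored hash} (assumed shape)."""
    problems = check_complexity(new_password)
    if problems:
        return "rejected: " + ", ".join(problems)
    # A person with two accounts (say a normal login and an admin login) must not
    # reuse one password across both. Every record has its own salt, so the only
    # way to detect reuse is to verify the candidate against the other record.
    for name, entry in accounts.items():
        if name != account and entry["owner"] == owner and verify_password(entry["record"], new_password):
            return f"rejected: same password as account {name}"
    accounts[account] = {"owner": owner, "record": store_password(new_password, now)}
    return "accepted"


def demo() -> dict:
    """Walk through the rules with constructed sample accounts and dates."""
    accounts: dict = {}
    jan = datetime(2024, 1, 10, tzinfo=timezone.utc)
    out = {}
    out["weak"] = set_password(accounts, "alice", "alice", "password", jan)
    out["first"] = set_password(accounts, "alice", "alice", "Blue-Kettle-42!", jan)
    out["reused_on_admin"] = set_password(accounts, "alice", "alice-admin", "Blue-Kettle-42!", jan)
    out["admin_ok"] = set_password(accounts, "alice", "alice-admin", "Green-Ladder-77#", jan)
    out["login"] = verify_password(accounts["alice"]["record"], "Blue-Kettle-42!")
    out["wrong"] = verify_password(accounts["alice"]["record"], "blue-kettle-42!")
    out["expired_after_30_days"] = is_expired(accounts["alice"]["record"], jan + timedelta(days=30))
    out["expired_after_61_days"] = is_expired(accounts["alice"]["record"], jan + timedelta(days=61))
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The reuse check is the part people get wrong: because each stored record carries its own salt, you cannot spot a shared password by comparing hashes, only by re-verifying the candidate against the other account's record, which is why `set_password` costs one extra PBKDF2 round per other account the same person owns.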

If a user repeatedly provides incorrect credentials, the account should be locked out as defined in the account lockout policy. Each user is assigned privileges of their own, which may differ from those of their group; a member of a group automatically inherits the group's privileges and access control entries, so a user's effective rights are their own rights plus those of every group they belong to.
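The lockout and group-inheritance rules above as an added example (not code from the original tutorial). The threshold of 5 failed attempts within 15 minutes, the 30-minute lockout, the group privilege table and the sample account are assumed values chosen for the demonstration; the plaintext password comparison stands in for the hash verification a real system performs.

```python
from __future__ import annotations

import hmac
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

LOCKOUT_THRESHOLD = 5                     # failed attempts before lockout (assumed value)
LOCKOUT_WINDOW = timedelta(minutes=15)    # failures are only counted within this window
LOCKOUT_DURATION = timedelta(minutes=30)  # how long the account stays locked

# Assumed group table: membership grants every privilege listed for the group.
GROUP_PRIVILEGES = {
    "helpdesk": {"reset_user_password", "read_tickets"},
    "backup_operators": {"read_all_files", "run_backup_job"},
}


@dataclass
class Account:
    name: str
    password: str  # plaintext stand-in for the salted hash a real system stores
    groups: set[str] = field(default_factory=set)
    direct_privileges: set[str] = field(default_factory=set)
    failures: list[datetime] = field(default_factory=list)
    locked_until: datetime | None = None


def effective_privileges(acct: Account) -> set[str]:
    """The user's own privileges plus everything inherited from each group."""
    privs = set(acct.direct_privileges)
    for group in acct.groups:
        privs |= GROUP_PRIVILEGES.get(group, set())
    return privs


def attempt_login(acct: Account, password: str, now: datetime) -> str:
    """Return 'success', 'failure' or 'locked', applying the lockout policy."""
    if acct.locked_until is not None and now < acct.locked_until:
        return "locked"
    # Forget failures older than the window before counting the new one.
    acct.failures = [t for t in acct.failures if now - t <= LOCKOUT_WINDOW]
    if hmac.compare_digest(password.encode(), acct.password.encode()):
        acct.failures.clear()
        acct.locked_until = None
        return "success"
    acct.failures.append(now)
    if len(acct.failures) >= LOCKOUT_THRESHOLD:
        acct.locked_until = now + LOCKOUT_DURATION
        acct.failures.clear()
        return "locked"
    return "failure"


def demo() -> dict:
    """Constructed scenario: five bad guesses lock the account, the right password
    is refused while the lock holds, and works again once the lock has expired."""
    t0 = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)
    alice = Account("alice", "C0rrect-Horse!", groups={"helpdesk"},
                    direct_privileges={"read_own_mail"})
    attempts = [attempt_login(alice, "wrong-guess", t0 + timedelta(seconds=i)) for i in range(5)]
    during_lock = attempt_login(alice, "C0rrect-Horse!", t0 + timedelta(minutes=1))
    after_lock = attempt_login(alice, "C0rrect-Horse!", t0 + timedelta(minutes=45))
    return {
        "attempts": attempts,
        "during_lock": during_lock,
        "after_lock": after_lock,
        "privileges": sorted(effective_privileges(alice)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that the correct password is refused while the lock holds: if a locked account accepted the right password, an attacker could confirm a guess during the lockout window, which defeats the point of the policy.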