Securing User Accounts: Fundamental Security Concepts

This course is included in our On-demand training solution.

Overview

Online user accounts, when not properly secured, are one of easiest entry points for savvy hackers. In this course, you’ll learn about the fundamental security concepts of authenticity, integrity, and confidentiality, and what role they play in establishing effective user account policies. You’ll also learn why and how most common user account breaches happen. Finally, this course covers some general security practices, such as privilege management, permissions, and account settings, to help protect against potential intrusions via user accounts.

Target Audience

Individuals such as network administrators, programmers, risk managers, and other key individuals interested in establishing and maintaining secure user account policies and practices

Prerequisites

None

Expected Duration

150 min.

Course Objectives

Course Introduction

Importance of User Account Security

  • identify the purpose and requirement for secure user account controls
  • Authenticity

  • describe characteristics of the fundamental security concept of authenticity as it relates to securing user accounts
  • Integrity

  • describe characteristics of the fundamental security concept of integrity as it relates to securing user accounts
  • Confidentiality

  • describe characteristics of the fundamental security concept of confidentiality as it relates to securing user accounts
  • Security Attack Motives

  • describe goals and motives for user account security attacks
  • Security Attack Phases

  • distinguish between the different phases of a security attack
  • Username Enumeration

  • identify characteristics of username enumeration
  • CSRF

  • identify characteristics of Cross-Site Request Forgery or CSRF
  • Web Server Password Cracking

  • distinguish between the different types of web server password cracking techniques
  • Vulnerability Scanning

  • identify best practices for performing vulnerability scanning to prevent user account compromise
  • Patches and Updates

  • identify best practices for patching and updating to prevent user account compromise
  • Implementing Common Network Protocols

  • identify best-practice network protocols to protect against general security attacks
  • Implementing Common Account Protocols

  • identify best-practice account protocols to protect against user account security attacks
  • Event Logging

  • identify best practices for event logging as a method for identifying and preventing account security breaches
  • Principle of Least Privilege

  • describe best practices for applying the security principle of least privilege in secure user account management
  • Defense in Depth

  • describe best practices for applying defense in depth strategy in secure user account management
  • Privilege Management

  • distinguish between users, groups, and role structures for privileges
  • Permissions Categories

  • distinguish between the different access permissions categories available to assign to account users
  • Naming Conventions

  • identify characteristics and best practices of implementing appropriate naming convention restrictions for user accounts
  • Limiting Logon Attempts

  • identify characteristics and best practices for limiting logon attempts as a restriction for user accounts
  • Setting Account Expiry Dates

  • identify best practices for setting account expiry dates
  • Disabling Unused Accounts

  • identify best practices for disabling unused user accounts
  • Setting Time Restrictions

  • identify best practices for setting time restrictions on user accounts
  • Setting Machine Restrictions

  • identify best practices for setting machine restrictions on user accounts
  • Exercise: Determining Appropriate User Account Policies

    SUBSCRIPTION COST



     

    NEED HELP OR NOT SURE?