Hello and welcome back to Cyberia. 2019 comp T A security plus certification preparation course. Rugal continue our discussion on margin for which in fact, is domain four, and the topic discussed will be identity and access management.
Interestingly enough, we have a brand new objective here, which is 4.4 and its simply states, given a scenario different. Eight. Common Account Management practices.
The first item on our agenda is a pre assessment quiz and acquis reads as follows. Licit set up account for her company
she want instead of account for the or co database server. Which of the following will be the best type account just signed to a database server?
Is the sea at men or D service?
In this case, if you selected, do you absolute correct? Because the service account is the most appropriate in this scenario. Serves accounts are given the least privileges the service needs needs and are used by the service without the need for human users.
Here again are the topics we can compasses again this particular brand new objective. We're going to take a look at user countless guys shared and generic accounts. Guess account service account as well as privileged accounts,
So the first item margin is taking a look at its defining exactly what in fact is a user account.
Now use account also refers to as a name account is an account of social. One individual for the purpose of assessing resource is
a shared or generic count is an account. There's typically shipped by more than one individual for the purpose of access, and resource is
you guess account is similar to a shared account, but it's typically enable on the man for occasionally or one time use.
A service account is an account that is specifically used by service instead of an individual. The word suffered it needs to access. Resource is
a private account is an account that has the highest level privileges. Then use accounts to resource is
continue our discussion. This particular brand new objective, which is 4.4. You're giving a scenario different, ate the common account manager practices. So what? We're gonna take a look at some general concepts ranging from the term called lease privileges all the way down to locate
location based policies.
When you think about at least privileges. Basically sure that uses a granite Onley privileges they need to perform their roles within an organization.
On board is the price of any new users to the Identity mansion system of your organization.
Off boredom is the removal of the EU's identity from the data management system. Once that individual has left the organization,
permissions and automating review is a process of ensuring that Onley eligible users have access to the resource is within the organization.
You just ordering usage argument and as well as review is the process of recording the actions uses performed on resource is within an organization.
Then we have what we call time of day prescriptions basis used by odors. Issued rescript uses access to resource is too specific times and day as well as the days of the week
recent. If the case is a process of renewal certification accreditation at the changes I've made to the original certification process or at the a specific time period,
then we have the standard naming convention, which is an agreed upon convention for name and resource is
account. Man management or maintenance is a method of maintaining your accounts.
Group based access control is a method to grant access to resource is based on the user's membership in a group.
Location based policies essentially are. It can be used by organization to rescript uses. Access to resource is based on the physical location or the region off the user.
We have some additional topics. We need discuss as it pertained to this brand new objective
here. Again, we're gonna take a look again at account policy enforcement, ranging from other words. Credential management all way down to out password link.
So when you think about Prudential, management
is established form of software used for issuing and managing your credentials as part of your pkr. Other words. Public key infrastructure
ah, group process is a process by which owners ace an infant. Multiple password policies for users.
Password complexity basically is a complex of password. First or Hami character types are included in the password.
Exploration basically is a maxim time or use a password remains. Ballot
recovery is a process by which users can regain access to it, an account to which they no longer have access.
Disablement. Basically what that is, the death defying is often used when you have unemployed. That leaves your organization
lockout and over this an MBA in lockup policy a policy do lock out on account after incorrect passwords in a pre defined number of times.
Password history is the list of a user's previous passwords.
Password reuse. It's a password, positive events uses from regions and passwords on that password history list.
Password Link is a number of characters in the user's password.
Let's not turn our ticket order Post Assessment Quiz, and it reads as follows. Stephan just became the new security officer for university.
He concerned that student workers who worked late on campus could try and log on with the faculties credentials.
Would your father would be the most effective in preventing This is a time of day prescription be used today?
See password link or D credential magic
if you should let a your absolute crypt because rescript in each factory accounts so that it only usual when that particular factory member is typically on campus will prevent someone from log in with that account after hours, even if he or she has the password.
This brings us to our key takeaways. From this particular video presentation,
we learned that a user can also refers to a name account is an account that's associated with one individual for the purpose of assessing. Resource is we also learned that, I guess account of similar to a shed account. But it's typically unable on the man for occasional or one time use.
We noted that privilege account is an account that has, ah, high level privilege, then use account to resource is
we also learned the past where history is a list of users. Previous passwords,
we also learned in the past would posit that Vince used for reusing passwords on that password. Let password lists as well.
In our upcoming video will be taking a look at a brand new domain, which is the main five, which is deal specifically with risk management. In fact,
we have a new objective within that particular main. You're gonna be highlight in the upcoming video, which is 5.1 what We have to explain the importance of policies, plans and procedures related to organizational security. And again, I look forward to seeing the very next video