Account Policy Enforcement 4.4 Flashcards

1
Q

Credential Management

A

The credentials that you use to log in are the only barrier between the outside world and your data. Your data is everything. Passwords must not be embedded in the application. Everything needs to reside on the server, not the client. Communications across the network should be encrypted. Authentication traffic should be impossible to see.

2
Q

Configuration Settings

A

Windows uses group policy management. Windows provides some tools to help with these things.

NTFS permissions or Share permissions will be different. These affect the OS itself and some of the functions people will use daily on their computers. This is linked to Windows Active Directory, so you can administer different sites, groups, and organizational units.

3
Q

Group Policy Control

A

Windows has great tools for these functions. It’s basically setting group permissions that apply to all users within the group.

4
Q

Password Complexity and Length

A

Make passwords strong. No single words, no obvious passwords like pet names. Mix uppercase and lowercase letters and special characters, and do not use leet speak. A strong password is a minimum of 8 characters. Do not allow password reuse.

5
Q

Password Expiration and Recovery

A

All passwords should expire every 30, 60, or 90 days. Critical systems could be as frequent as 15 days. The password recovery process should not be trivial; make it hard so you can’t be social engineered.

6
Q

Account Lockout and Disablement

A

Too many bad passwords cause lockouts. It’s best practice to disable accounts because there are often data and encryption keys associated with accounts.
