Monitoring and Administer
settings.
These templates enable IT administrators to
logon attempt that the “counter” will reset. If this value is set to
45 minutes, and user jsmith types his password incorrectly two
times before logging on successfully, his running tally of failed
logon attempts will reset to 0 after 45 minutes have elapsed. Be
careful not to set this option too high, or your users could lock
themselves out through simple typographical errors.
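The check below is an added example, not part of the original module: it takes the three lockout settings (threshold, duration, counter reset) and reports combinations that defeat or over-tighten the policy. The function name and the 60-minute warning limit are assumptions made for illustration; the sample values are constructed around the 45-minute figure used above.

```powershell
# Added example (not from the original module). Sanity-checks the three
# account lockout settings; the 60-minute warning limit is an assumed value.
function Test-LockoutPolicy {
    param(
        [int]$Threshold,             # Account lockout threshold (0 = never lock out)
        [int]$DurationMinutes,       # Account lockout duration (0 = until an admin unlocks)
        [int]$ResetMinutes,          # Reset account lockout counter after
        [int]$MaxResetMinutes = 60   # assumed site limit, not a Windows default
    )
    if ($Threshold -eq 0) {
        'Threshold is 0: accounts never lock out, so the other two settings have no effect.'
        return
    }
    if ($DurationMinutes -ne 0 -and $DurationMinutes -lt $ResetMinutes) {
        "Duration ($DurationMinutes min) is shorter than the counter reset ($ResetMinutes min); Windows requires duration >= reset."
    }
    if ($DurationMinutes -eq 0) {
        'Duration is 0: a locked account stays locked until an administrator unlocks it.'
    }
    if ($ResetMinutes -gt $MaxResetMinutes) {
        "Counter reset ($ResetMinutes min) exceeds $MaxResetMinutes min: typing mistakes keep counting toward the threshold for a long time."
    }
}

# Constructed sample using the 45-minute value from the text.
Test-LockoutPolicy -Threshold 3 -DurationMinutes 30 -ResetMinutes 45

# On a domain controller with the ActiveDirectory module, feed it the live policy:
# $p = Get-ADDefaultDomainPasswordPolicy
# Test-LockoutPolicy -Threshold $p.LockoutThreshold `
#     -DurationMinutes $p.LockoutDuration.TotalMinutes `
#     -ResetMinutes $p.LockoutObservationWindow.TotalMinutes
```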
Self Check
1. ___option determines the amount of time that a locked-out
account will remain inaccessible.
C. Adding roles
3. _____ Option defines the amount of time in minutes after a
bad logon attempt that the “counter” will reset.
A. Reset account lockout counter after
B. Account lockout duration
C. Account lockout threshold
Modifying previously created user
setting to update security policy
Managing user account settings
User accounts are created so that people can identify
themselves to the system and receive access to the network
resources they need.
In Windows Server 2008 with Active Directory enabled, user
accounts (often called user IDs) are assigned using the Active
Directory Users and Computers management console.
On standalone Windows Server 2008 computers, user accounts
are created using the User Accounts applet in Control Panel.
User Account Settings
"User must change password at next logon" means that the user will
be required to change their password the next time they log in to the
system.
User Cannot Change Password. Typically, an organization wants users
to be able to change their own passwords, but occasionally (as for a
visitor account) the password should not be changed.
Password Never Expires.
These applications expect the password to never be changed, or if it is
changed, the change must be performed using the management tool for
the application, and not through the ADUC.
Account Is Disabled.
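The following added example (not part of the original module) shows where three of these check boxes live in the directory, so an administrator can audit them in bulk instead of opening each account. The function name and the sample accounts are constructed for illustration. "User Cannot Change Password" is enforced through permissions on the account object rather than a reliable attribute bit, so it is read with Get-ADUser in the closing comment.

```powershell
# Added example (not from the original module). Decodes the raw directory
# attributes behind the account check boxes. Sample accounts are constructed.
$ACCOUNTDISABLE       = 0x00002   # userAccountControl bit: Account Is Disabled
$DONT_EXPIRE_PASSWORD = 0x10000   # userAccountControl bit: Password Never Expires

function Get-AccountSettings {
    param([string]$Name, [int]$UserAccountControl, [long]$PwdLastSet)
    [pscustomobject]@{
        Name                 = $Name
        MustChangeAtLogon    = ($PwdLastSet -eq 0)   # pwdLastSet = 0 forces a change
        PasswordNeverExpires = [bool]($UserAccountControl -band $DONT_EXPIRE_PASSWORD)
        Disabled             = [bool]($UserAccountControl -band $ACCOUNTDISABLE)
    }
}

# Constructed samples: 512 = normal account, 514 = normal + disabled,
# 66048 = normal + password never expires.
$samples = @(
    @{ Name = 'jsmith';  UserAccountControl = 512;   PwdLastSet = 0 },
    @{ Name = 'svc-app'; UserAccountControl = 66048; PwdLastSet = 133000000000000000 },
    @{ Name = 'visitor'; UserAccountControl = 514;   PwdLastSet = 133000000000000000 }
)
$report = $samples | ForEach-Object { $s = $_; Get-AccountSettings @s }

# Accounts exempt from password expiration deserve a documented reason.
$report | Where-Object { $_.PasswordNeverExpires -and -not $_.Disabled }

# Live equivalent where the ActiveDirectory module is available:
# Get-ADUser -Filter * -Properties PasswordNeverExpires, CannotChangePassword, pwdLastSet
```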
Self Check
1. Users identify themselves to the
system and receive access to the network
resources they need using:
A. User accounts
B. File server
C. Print server
2. ____ setting prevents users from being able to
change their own passwords.
A. Disable password
B. User Cannot Change Password
C. Expire password
3. _____ setting that allows the administrator to
exempt the account from the password-
expiration rule.
A. Creating password
B. Password expiration
C. Changing password
Ensuring Legal Notices Are Displayed at Logon
Configure Legal Notices on Domain Computers Using Group Policy
On most operating systems, one of the most effective ways to
regularly communicate legal obligations to users is with a login
message.
When you configure a legal notice, the legal notice message appears
when the user presses CTRL+ALT+DEL.
You can configure legal notices on domain computers
in two ways:
1. Write a script and execute it at every logon.
2. Configure the legal notice using a group policy.
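As an added example (not part of the original module), the check below confirms that the notice actually reached a computer. The Group Policy settings "Interactive logon: Message title for users attempting to log on" and "Interactive logon: Message text for users attempting to log on" are stored in the registry values legalnoticecaption and legalnoticetext, which the function reads. The function name and the approved wording are assumptions for illustration.

```powershell
# Added example (not from the original module). Verifies the logon notice on
# the local computer; the approved wording passed in is a constructed sample.
function Test-LegalNotice {
    param(
        [string]$ApprovedText,
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    $p = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    # The text may come back as one string or as several lines; normalise both.
    $caption = ([string]$p.legalnoticecaption).Trim()
    $text    = (($p.legalnoticetext -join ' ') -replace '\s+', ' ').Trim()
    $wanted  = ($ApprovedText -replace '\s+', ' ').Trim()
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        CaptionSet  = ($caption.Length -gt 0)
        TextSet     = ($text.Length -gt 0)
        # False when the notice is missing or has drifted from the approved wording.
        TextMatches = ($text.Length -gt 0 -and $text -ceq $wanted)
    }
}

# Constructed sample wording; replace with the text approved by your organization.
Test-LegalNotice -ApprovedText 'This system is for authorized use only. Activity may be monitored.'
```

A computer that reports TextSet as False has not applied the policy; one that reports TextMatches as False is showing wording other than the approved text.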
Self Check
1. When you configure a legal notice,
the legal notice message appears
when the user
presses __________________ keys.
2. You can configure legal notices on domain
computers in two ways:
A. _______________________________________________
B. _______________________________________________
3. One of the most effective ways to regularly communicate legal
obligations to users is with a _______ message.
Using appropriate utilities to check strength of passwords
and complexity
Don’t Allow the Sharing of Passwords: forbid employees from writing down
Furthermore, sharing the results from your AAR can help future
teams learn your successful strategies and avoid pitfalls you have
worked to overcome.
An AAR is centered on four questions:
1. What was expected to happen?
2. What actually occurred?
3. What went well and why?
4. What can be improved and how?
Self-Check
1. Which one of the following is NOT a benefit of a password
procedure?
A. Appropriate access for all staff;
B. Effective identity management and access auditing;
C. Single Point Of Failure;
D. All of the above
2. When creating a password procedure, it is important to
consider
________________________________________
________________________________________
________________________________________
________________________________________
________________________________________
________________________________________
3. AAR stands for ____________________________
4. The four After Action Review questions are:
________________________________________
________________________________________
________________________________________
________________________________________
Accessing information services to identify security
gaps
A primary task of any information security professional is to
manage or perform an information security gap analysis to
find potential security vulnerabilities and risks and to use
the information to implement solutions to bridge the gaps.
The main objective of security analysis is to continually
improve and move closer to the desired security position
and to transition security from its current state to its future
improved state.
Importance of gap analysis
A gap analysis can be performed for various reasons. Generally, no