Security+: Differentiating Common Account Management Practices

Introduction

Account management is one of the most important aspects of an organization’s security posture. Not only do the decisions affect how users interact with their network and systems, but account management embodies many key security principles. Therefore, understanding the range of account types as well as how to employ and manage each is a foundational skill of Security+ professionals. This article explores the various account types, account policy enforcement mechanisms, and other concepts that must be mastered on the path to the CompTIA Security+ certification.

Account Types

No matter what applications or systems you are using, when you log in with your credentials, your username is assigned a level of authority and access to functions, resources, and data. While these permissions are handled behind the scenes, each user is associated with one of several account types. A user account holds the most limited amount of access to a system, but it is also the level that the vast majority of users have. A user level account often prevents the installation of new applications, changes to global settings or rules, and limits other functions or files, focusing on core business functionality.

A shared account, sometimes known as a generic account, is one that can be utilized by more than one assigned user. This account type is often used by teams that share similar functions – known as group-based access – or by casual users that need access to a system in a limited capacity. While shared accounts allow for flexibility, they also introduce challenges, including the inability to tie a specific person to an action made while logged in. Each person with access to the generic account can also access the same functions and files as everyone else, which could lead to data integrity issues. Some organizations also utilize (Read more...)