
Logical Security Applications

            Concepts: Delivered Accounts

            An OS is delivered with specific built-in accounts. Types of accounts include:

            Base OS Administrator Account

              Privileged account for the Windows OS.
              Privileged account names:
                   o  Unix and Unix variants - Root.
                   o  Windows - Administrator.
              Where possible, the best security practice is to change the default name of the privileged
               account.
              Depending on the OS, the privileged account can be disabled, but this is uncommon.
              If the privileged account cannot be disabled, only a limited number of users should know the
               password to this account.
              The privileged account is always a prime target for hacking; therefore, vendor specifications or
               standard security practices should be in effect for this account.

            Guest

              A generally public account used for those who do not have a permanent account on the server.
              Usually has limited access capability and may have limited functionality (e.g., cannot install
               software or hardware).
              Normally, secure OSs have guest accounts disabled.

            Ports

              A port is like a door for communication sessions between computers. Commonly used ports
               include those for Hypertext Transfer Protocol (HTTP) for web browsing, File Transfer Protocol
               (FTP), and telnet.
              A server team will disable all unused ports on the server. Network ports at workstations and in
               conference rooms should also be disabled when not in use.
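
The checks described above for delivered accounts and ports, as an added example that is not part of the original course text: a Python audit over constructed copies of /etc/passwd, /etc/shadow and `ss -tln` output from a Unix host. The sample data, the approved-port list and the function names are assumptions made for illustration.

```python
# Added example. All data below is constructed, not taken from a real host.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
guest:x:1001:1001:Guest:/home/guest:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
"""
SHADOW = """\
root:$6$constructed$hash:19000:0:99999:7:::
toor:$6$constructed$hash:19000:0:99999:7:::
guest:$6$constructed$hash:19000:0:99999:7:::
www-data:*:19000:0:99999:7:::
"""
LISTENERS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 32 0.0.0.0:21 0.0.0.0:*
LISTEN 0 5 0.0.0.0:23 0.0.0.0:*
"""
APPROVED_PORTS = {22, 80}  # assumption: ports the server team has approved


def password_locked(field):
    # In /etc/shadow a password field starting with "!" or "*" matches no password.
    return field.startswith(("!", "*"))


def audit(passwd, shadow, listeners, approved):
    """Return findings for privileged accounts, the guest account and open ports."""
    pw_field = {l.split(":")[0]: l.split(":")[1] for l in shadow.splitlines() if l}
    findings = []
    for line in filter(None, passwd.splitlines()):
        name, _pw, uid, *_rest, shell = line.split(":")
        # An account with no shadow entry is treated as locked.
        usable = (not password_locked(pw_field.get(name, "*"))
                  and not shell.endswith(("nologin", "false")))
        if uid == "0" and usable:
            findings.append(f"privileged account with password login: {name}")
        if name == "guest" and usable:
            findings.append("guest account is enabled")
    for line in filter(None, listeners.splitlines()):
        port = int(line.split()[3].rsplit(":", 1)[1])  # Local Address:Port column
        if port not in approved:
            findings.append(f"unapproved listening port: {port}")
    return findings


if __name__ == "__main__":
    for finding in audit(PASSWD, SHADOW, LISTENERS, APPROVED_PORTS):
        print(finding)
```

Each privileged-account finding is a prompt to confirm that the account is expected and that only a limited number of users know its password.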

            Concepts: Access Control Lists

            OSs have inherent security features contained within them. In general, regardless of OS type, access
            control lists (ACLs) are used to control user access capability. ACLs may also be known as rules.
            When working with ACLs:
              A third-party product may be used for mainframe security. Examples include Resource Access
               Control Facility (RACF) and Top Secret.
              If a local network uses Active Directory (AD), then Windows and AD ACLs are synonymous.
              Reports of user access capability are used to monitor user access.
              Depending on OS type, a third-party software reporting product could be used to assist in
               developing reports.

            Copyright © 2022 by The Institute of Internal Auditors, Inc. All rights reserved.