Page 628 - StudyBook.pdf
P. 628

612    Chapter 11 • Operational and Organizational Security: Incident Response

                         the password of the user who is currently logged in, to unlock
                         the machine.





                 One of problems with password-protected screensavers is that an intruder can
             bypass the protection by rebooting the machine.When the OS is loaded, the
             screensaver is off, so the intruder can access the data and applications on the
             machine.To ensure this does not happen, additional methods of protecting a
             machine with passwords should be used.
                 Local user accounts can be set up so that usernames and passwords must be
             entered to gain access once the OS has loaded.These types of accounts are different
             from network accounts, as they are used to control access on the machine itself.
             User accounts can be set up on a variety of OSes, including Windows XP and
             Vista, and provide protection from unauthorized access.To set up local user
             accounts on Windows XP machines, the “User Accounts” applet in the Control
             Panel is used.As seen in Figure 11.2, the “User Accounts” applet provides an easy-
             to-use interface that allows you to create and maintain accounts on your computer.
             This is different from previous versions of Windows, where all users could logon to
             the machine using the same account. In XP and Vista, each user is required to have
             their own account, allowing administrators to control what permissions and
             resources users have access to on the local machine. By clicking on the Create a
             new account link, a wizard appears that takes you step-by-step through the pro-
             cess of setting up a new account. Once you’ve set up the new account, you can
             then click Change an account to modify a particular account’s password, and
             other elements of the account.
                 The alternate method of accessing a version of this tool is through the Run
             command on the Start menu. By typing “control userpasswords2” in Start | Run,
             and clicking OK, a dialog box similar to the one in Figure 11.3 will appear.As you
             can see from this dialog box, not only can you create and manage local users, but
             by checking the Users must enter a user name and password to use this
             computer checkbox, users are forced to have individual accounts that they must
             use to enter a username and password to logon to the computer.












          www.syngress.com
   623   624   625   626   627   628   629   630   631   632   633