Internet And Network Technologies
Securing User Accounts
Securing User Accounts: Authorization, Registration, and Passwords
Securing User Accounts: Fundamental Security Concepts
Securing User Accounts: Logon, Logoff, Account Changes, and Attack Mitigation

Securing User Accounts: Authorization, Registration, and Passwords

Course Number:
sp_soaa_a02_it_enus
Lesson Objectives

Securing User Accounts: Authorization, Registration, and Passwords

  • start the course
  • describe characteristics of the authentication and identification process and the relationship between them
  • distinguish between the three user authentication components and how they interrelate
  • distinguish between the different types of authentication
  • describe characteristics of authorization
  • identify the phases of the user logon process
  • identify characteristics and purpose of credentials
  • identify characteristics of password credentials
  • identify characteristics of asymmetric key credentials for authentication
  • identify characteristics of biometric credentials
  • identify characteristics of ticket-based hybrid authentication credentials
  • describe characteristics and purpose of secure user account registration policies and practices
  • describe best practices for securing usernames and user identifiers
  • identify best practices for account registration verification
  • identify best practices and purpose of using Completely Automated Public Turing test to tell Computers and Humans Apart or CAPTCHA for user account registration and set-up
  • describe purpose and best practices for implementing two-step verification in user account registration policies
  • describe best practices for preventing username enumeration as part of user account registration security
  • describe best practices for setting minimum password strength criteria policies
  • identify password length, width, and depth requirements that can enhance password security
  • identify best practices for password field security
  • describe techniques for providing feedback to users on password strength
  • describe benefits and best practices for enforcing password history policies
  • describe benefits and best practices for setting minimum and maximum password age requirements
  • identify best practices for preventing password hack attempts
  • identify appropriate user account registration and password best practices

Overview/Description
Without the ability to gain entry to a network, hackers are powerless, so establishing effective authorization protocols is vital. In this course, you'll learn about key authentication concepts and best practices such as identification, user authentication components, the user logon process, and how to effectively manage user account credentials. This course also covers registration security, including how to use Completely Automated Public Turing test to tell Computers and Humans Apart or CAPTCHA, and enabling two-step verification. Finally, this course introduces password security best practices, including establishing password strength, complexity, and age criteria.

Target Audience
Individuals such as network administrators, programmers, risk managers, and other key individuals interested in establishing and maintaining secure user account policies and practices

Securing User Accounts: Fundamental Security Concepts

Course Number:
sp_soaa_a01_it_enus
Lesson Objectives

Securing User Accounts: Fundamental Security Concepts

  • start the course
  • identify the purpose and requirement for secure user account controls
  • describe characteristics of the fundamental security concept of authenticity as it relates to securing user accounts
  • describe characteristics of the fundamental security concept of integrity as it relates to securing user accounts
  • describe characteristics of the fundamental security concept of confidentiality as it relates to securing user accounts
  • describe goals and motives for user account security attacks
  • distinguish between the different phases of a security attack
  • identify characteristics of username enumeration
  • identify characteristics of Cross-Site Request Forgery or CSRF
  • distinguish between the different types of web server password cracking techniques
  • identify best practices for performing vulnerability scanning to prevent user account compromise
  • identify best practices for patching and updating to prevent user account compromise
  • identify best-practice network protocols to protect against general security attacks
  • identify best-practice account protocols to protect against user account security attacks
  • identify best practices for event logging as a method for identifying and preventing account security breaches
  • describe best practices for applying the security principle of least privilege in secure user account management
  • describe best practices for applying defense in depth strategy in secure user account management
  • distinguish between users, groups, and role structures for privileges
  • distinguish between the different access permissions categories available to assign to account users
  • identify characteristics and best practices of implementing appropriate naming convention restrictions for user accounts
  • identify characteristics and best practices for limiting logon attempts as a restriction for user accounts
  • identify best practices for setting account expiry dates
  • identify best practices for disabling unused user accounts
  • identify best practices for setting time restrictions on user accounts
  • identify best practices for setting machine restrictions on user accounts
  • identify appropriate user account security policies and practices

Overview/Description
Online user accounts, when not properly secured, are one of easiest entry points for savvy hackers. In this course, you'll learn about the fundamental security concepts of authenticity, integrity, and confidentiality, and what role they play in establishing effective user account policies. You'll also learn why and how most common user account breaches happen. Finally, this course covers some general security practices, such as privilege management, permissions, and account settings, to help protect against potential intrusions via user accounts.

Target Audience
Individuals such as network administrators, programmers, risk managers, and other key individuals interested in establishing and maintaining secure user account policies and practices

Securing User Accounts: Logon, Logoff, Account Changes, and Attack Mitigation

Course Number:
sp_soaa_a03_it_enus
Lesson Objectives

Securing User Accounts: Logon, Logoff, Account Changes, and Attack Mitigation

  • start the course
  • describe the characteristics and purpose of the logon feature
  • identify best practices during development to secure site logon
  • use Secure Sockets Layer or SSL to enhance logon security
  • identify best practices for managing multiple simultaneous sessions from the same user
  • distinguish between the common types of attacks on logon pages
  • describe best practices for detecting and preventing logon fraud
  • identify the purpose and characteristics of implementing logoff requirements
  • identify the best practices and purpose of session expiry
  • identify the characteristics and best practices for remote logoff procedures
  • describe the purpose and techniques for implementing Cross-Site Request Forgery or CSRF protection on the logoff feature
  • describe best practices for password storage policies
  • identify the best practices for hashing passwords for storage
  • identify the characteristics and purpose of password reset
  • identify the best practices for implementing timed password resets
  • describe the best practices for strengthening password reset with verification questions
  • identify the benefits and challenges of using password hints and best practices
  • describe the characteristics of account detail changes and how and why they carry risk of attack
  • identify the specific account attributes that hackers target
  • describe the best practices for using password verification during account change activities
  • identify the best practices for implementing user account change notifications
  • identify the best practices for confirming user account changes with users
  • identify the best practices for dealing with compromised systems after a successful security attack
  • identify the best practices when collecting evidence and information after a successful attack
  • describe the best practices for neutralizing user account security attacks
  • identify appropriate logon, logoff, and account change policies, and describe the best practices for responding to account compromise

Overview/Description
You can probably think of at least one major account security breach you've heard about. When a security breach happens, it puts your customers, assets, and entire reputation at risk, so knowing how to identify and respond to potential attacks can be the difference between an organization's continued success or complete failure. In this course, you'll learn about enhancing user account security by establishing logon, logoff, and advanced password management protocols. You'll also learn about safe and secure policies for advanced user account management such as account change and reset practices. Finally, this course covers effective best practices for handling user account security breaches, such as neutralizing attacks, and safely handling compromised systems to limit any further damage to your systems, network, and other user assets.

Target Audience
Individuals such as network administrators, programmers, risk managers, and other key individuals interested in establishing and maintaining secure user account policies and practices

Close Chat Live