• Online, Self-Paced
Course Description

Online user accounts, when not properly secured, are one of easiest entry points for savvy hackers. In this course, you'll learn about the fundamental security concepts of authenticity, integrity, and confidentiality, and what role they play in establishing effective user account policies. You'll also learn why and how most common user account breaches happen. Finally, this course covers some general security practices, such as privilege management, permissions, and account settings, to help protect against potential intrusions via user accounts.

Learning Objectives

Key User Account Security Concepts

  • start the course
  • identify the purpose and requirement for secure user account controls
  • describe characteristics of the fundamental security concept of authenticity as it relates to securing user accounts
  • describe characteristics of the fundamental security concept of integrity as it relates to securing user accounts
  • describe characteristics of the fundamental security concept of confidentiality as it relates to securing user accounts

Understanding Attacks

  • describe goals and motives for user account security attacks
  • distinguish between the different phases of a security attack
  • identify characteristics of username enumeration
  • identify characteristics of Cross-Site Request Forgery or CSRF
  • distinguish between the different types of web server password cracking techniques

General Prevention Practices

  • identify best practices for performing vulnerability scanning to prevent user account compromise
  • identify best practices for patching and updating to prevent user account compromise
  • identify best-practice network protocols to protect against general security attacks
  • identify best-practice account protocols to protect against user account security attacks
  • identify best practices for event logging as a method for identifying and preventing account security breaches

Guiding Security Principles

  • describe best practices for applying the security principle of least privilege in secure user account management
  • describe best practices for applying defense in depth strategy in secure user account management

Essential User Account Policies

  • distinguish between users, groups, and role structures for privileges
  • distinguish between the different access permissions categories available to assign to account users
  • identify characteristics and best practices of implementing appropriate naming convention restrictions for user accounts
  • identify characteristics and best practices for limiting logon attempts as a restriction for user accounts
  • identify best practices for setting account expiry dates
  • identify best practices for disabling unused user accounts
  • identify best practices for setting time restrictions on user accounts
  • identify best practices for setting machine restrictions on user accounts

Practice: Create User Account Protection Policies

  • identify appropriate user account security policies and practices

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.