Securing User Accounts: Logon, Logoff, Account Changes, and Attack Mitigation


Overview/Description
You can probably think of at least one major account security breach you've heard about. When a security breach happens, it puts your customers, assets, and entire reputation at risk, so knowing how to identify and respond to potential attacks can be the difference between an organization's continued success and its complete failure. In this course, you'll learn about enhancing user account security by establishing logon, logoff, and advanced password management protocols. You'll also learn about safe and secure policies for advanced user account management, such as account change and reset practices. Finally, this course covers effective best practices for handling user account security breaches, such as neutralizing attacks and safely handling compromised systems to limit any further damage to your systems, network, and other user assets.

Target Audience
Individuals such as network administrators, programmers, risk managers, and other key individuals interested in establishing and maintaining secure user account policies and practices

Prerequisites
None

Expected Duration (hours)
1.9

Lesson Objectives

Securing User Accounts: Logon, Logoff, Account Changes, and Attack Mitigation

  • start the course
  • describe the characteristics and purpose of the logon feature
  • identify best practices during development to secure site logon
  • use Secure Sockets Layer or SSL to enhance logon security
  • identify best practices for managing multiple simultaneous sessions from the same user
  • distinguish between the common types of attacks on logon pages
  • describe best practices for detecting and preventing logon fraud
  • identify the purpose and characteristics of implementing logoff requirements
  • identify the best practices and purpose of session expiry
  • identify the characteristics and best practices for remote logoff procedures
  • describe the purpose and techniques for implementing Cross-Site Request Forgery or CSRF protection on the logoff feature
  • describe best practices for password storage policies
  • identify the best practices for hashing passwords for storage
  • identify the characteristics and purpose of password reset
  • identify the best practices for implementing timed password resets
  • describe the best practices for strengthening password reset with verification questions
  • identify the benefits and challenges of using password hints and best practices
  • describe the characteristics of account detail changes and how and why they carry risk of attack
  • identify the specific account attributes that hackers target
  • describe the best practices for using password verification during account change activities
  • identify the best practices for implementing user account change notifications
  • identify the best practices for confirming user account changes with users
  • identify the best practices for dealing with compromised systems after a successful security attack
  • identify the best practices when collecting evidence and information after a successful attack
  • describe the best practices for neutralizing user account security attacks
  • identify appropriate logon, logoff, and account change policies, and describe the best practices for responding to account compromise

Course Number
sp_soaa_a03_it_enus

Expertise Level
Intermediate