[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 194475 Download | Alert*

Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse, and identify the risk from insider threats and the a ...

Frequently, an attacker that successfully gains access to a system has only gained access to an account with limited privileges, such as a guest account or a service account. The attacker must attempt to change to another user account with normal or elevated privileges in order to proceed. Auditing successful and unsuccessful attempts to switch to another user account mitigates this risk.

The permissions on a file establish which users are permitted to access or modify it. An attacker may attempt to change the permissions on a file to prevent legitimate users from accessing it or to grant additional access to an account the attacker controls. Auditing successful and unsuccessful attempts to modify security objects such as file permissions mitigates this risk.

Controls whether a user can use the OSX GUI to start or switch to a login session running as another user concurrently. In .GlobalPreferences.plist, set the MultipleSessionEnabled key to false to disable fast user switching.

Enable or disable console login as appropriate. If console login is enabled, the user can type '>console' for the user name to get a console login. In loginwindow.plist, set the DisableConsoleAccess key = true to prevent console logins. If the key does not exist, console login is allowed.

The setting controls whether external accounts, which are defined and stored on 'other' media (such as USB drives or specified disk partitions), are allowed to be active on a system. In loginwindow.plist, set the EnableExternalAccounts key = false to disable external accounts. If the key does not exist, external accounts are allowed.

The setting controls whether admin accounts are visible on the login window. In loginwindow.plist, set the HideAdminUsers key = true to hide admin accounts. If the key does not exist, admin accounts are displayed.

The setting controls whether local user accounts are visible in the login window. In loginwindow.plist, set the HideLocalUsers key = true to hide local user accounts. If the key does not exist, user accounts are displayed.

The setting controls whether mobile accounts, which synchronize home folders between clients and servers, are visible in the login window. In loginwindow.plist, set the HideMobileAccounts key = true to hide mobile accounts. If the key does not exist, mobile accounts are displayed.

Account creations and account modfications, such as disablement and termination, can all be signs of an intrusion and should be audited. Once an attacker establishes access to a system, the attacker may attempt to create an account to reestablish access at a later time. The attacker may also attempt to modify accounts in an attempt to change an existing account's privileges or disable or delete ac ...


Pages:      Start    11568    11569    11570    11571    11572    11573    11574    11575    11576    11577    11578    11579    11580    11581    ..   19447

© SecPod Technologies