CIS 527



Lab 1 - Users & Groups

User Accounts

  • Share Computer with Multiple People
  • Different Permissions for Different Users
  • Auditing: Who did What?
  • Protect Against Unauthorized Use

Authentication vs. Authorization

  • Authentication - Confirming a User's Identity (Logging In)
  • Authorization - Allow an Authenticated User Access to Resources
  • Authentication DOES NOT IMPLY Authorization

Authentication Factors

One or More of the Following:

  • Ownership - Something User Has
  • Knowledge - Something User Knows
  • Inherence - Something User Is

Authorization Methods

  • Security Policies
  • Access Control Lists (ACLs)
  • File Security

User Identification

  • Unique Identifier for User Account
  • Different Than Username
  • User Can Change Username, Not Identifier
  • Linux: User Identifier (UID)
  • Windows: Security Identifier (SID)

User Account Information

  • UID / SID
  • Username
  • Password
  • Home Directory
  • Group Memberships

Groups

  • List of Accounts
  • Can Assign Permissions to Groups of Users
  • Users Can Have Multiple Groups
  • Unique Identifier
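
An added example, not part of the original slides: Python code that resolves the account fields listed above (UID, home directory, group memberships) and flags usernames that share one UID. It assumes the standard Linux /etc/passwd and /etc/group layouts; the sample accounts and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample, /etc/passwd layout: name:password:UID:GID:comment:home:shell
PASSWD = """\
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
robert:x:1002:1002:Bob again:/home/robert:/bin/bash
"""
# Constructed sample, /etc/group layout: name:password:GID:member,member,...
GROUP = """\
alice:x:1001:
bob:x:1002:
sudo:x:27:alice
staff:x:50:alice,bob
"""

def parse_passwd(text):
    """Return {username: record}; the UID, not the name, is the account's identity."""
    accounts = {}
    for line in text.splitlines():
        name, _pw, uid, gid, _comment, home, shell = line.split(":")
        accounts[name] = {"uid": int(uid), "gid": int(gid), "home": home, "shell": shell}
    return accounts

def parse_group(text):
    """Return {group name: (GID, [supplementary member usernames])}."""
    groups = {}
    for line in text.splitlines():
        name, _pw, gid, members = line.split(":")
        groups[name] = (int(gid), [m for m in members.split(",") if m])
    return groups

def memberships(username, accounts, groups):
    """Primary group (matched by GID) plus supplementary groups (matched by name)."""
    primary_gid = accounts[username]["gid"]
    return sorted(g for g, (gid, members) in groups.items()
                  if gid == primary_gid or username in members)

def shared_uids(accounts):
    """UIDs claimed by more than one username; the kernel sees these as one user."""
    by_uid = defaultdict(list)
    for name, rec in accounts.items():
        by_uid[rec["uid"]].append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}

if __name__ == "__main__":
    accounts, groups = parse_passwd(PASSWD), parse_group(GROUP)
    print(memberships("alice", accounts, groups), shared_uids(accounts))
```

Supplementary group lists refer to usernames while the primary group is matched by number, which is why "robert" lands in group "bob" here without being listed in it.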

Best Practices

  • Each Person has Unique Account
  • Strong Passwords & Regular Changes
  • Principle of Least Privilege (PoLP)
  • Create Audit Logs (Login/Logout/sudo)
  • Disable Old Users ASAP
  • Don't Use Admin Account for Daily Use