Module 7 - Creating a security design for accounts.

In this module, you will learn how to determine threats and analyze risks to accounts and services in an organization. You will also learn how to design security for accounts and services, including determining security requirements, creating policies, and designing strategies to manage security.

Overview
- Determining Threats and Analyzing Risks to Accounts
- Designing Security for Accounts

Lesson: Determining Threats and Analyzing Risks to Accounts
- Account Types and Their Security Requirements
- Why Account Security Is Important
- Common Vulnerabilities of Accounts
- Practice: Analyzing Risks to Accounts

Account Types and Their Security Requirements

Accounts receive privileges based on:
- User rights
- Permissions
- Account scope
- Group membership

[Diagram: scale from Untrusted to Trusted, showing External User Accounts, Internal User Accounts, Administrator Accounts]

Why Account Security Is Important

Attacker | Threat | Example
External | Dictionary attack on weak password | An attacker performs a dictionary attack on the Administrator account, discovers a weak password, and then uses the Administrator account to gain access to the network
Internal | Extraction of account information from LSA | An attacker extracts a service domain account password that is stored as an LSA secret, then uses the account to gain access to other computers

[Diagram labels: Internal Attacker, LSA Secret; External Attacker, Dictionary Attack, Password]

Common Vulnerabilities of Accounts

Vulnerable area: Passwords
- Weak passwords
- Use of the same password in multiple accounts
- Passwords that are stored on computers
- Sharing or writing down of passwords by users

Vulnerable area: Account privileges
- Users who have local Administrator privileges
- Services that do not run as the System account
- Accounts with unnecessary user rights
- User or service accounts with permissions to private files, folders, and registry keys

Vulnerable area: Account use and management
- Use of an Administrator account for nonadministrative tasks
- User accounts with account management rights
- Active accounts that are no longer used

Practice: Analyzing Risks to Accounts
1. Read the scenario
2. Answer the questions
3. Discuss answers as a class

Lesson: Designing Security for Accounts
- Guidelines for Granting Rights and Permissions
- Considerations for