Account Policies

Summary

  • Restrict login times - helps prevent an account from logging in at unusual hours of the day or night.
  • Failed attempts lockout - set a maximum number of failed attempts before the account is locked, to prevent brute-force or dictionary attacks.
  • Concurrent logins - the number of locations or devices a user can be logged in to at any given time, or possibly over the life of the account. This is used to keep a consistent record of where the user or account typically operates from and helps detect unusual behavior.
  • Use timeout/screen locks - screen locks help stop threat actors from physically accessing machines, installing hardware, or installing software that may be malicious and gather information about a system, user, or storage.
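
The first three policies above, evaluated over a constructed sequence of login attempts (an added example, not part of the original page). The thresholds, the AccountPolicy class and the decision strings are assumptions chosen for illustration.

```python
from datetime import datetime, time, timedelta

# Assumed policy values for illustration (not taken from the page).
ALLOWED_HOURS = (time(7, 0), time(19, 0))   # logins permitted 07:00-18:59
MAX_FAILED = 3                              # failures before lockout
LOCKOUT = timedelta(minutes=15)             # lockout duration
MAX_SESSIONS = 2                            # concurrent devices per user

class AccountPolicy:
    def __init__(self):
        self.failed = {}        # user -> consecutive failed attempts
        self.locked_until = {}  # user -> time the lockout ends
        self.sessions = {}      # user -> set of devices logged in

    def login(self, user, device, when, password_ok):
        """Return the decision for one login attempt."""
        if self.locked_until.get(user, datetime.min) > when:
            return "deny:locked"            # even a correct password is refused
        if not (ALLOWED_HOURS[0] <= when.time() < ALLOWED_HOURS[1]):
            return "deny:outside-hours"
        if not password_ok:
            self.failed[user] = self.failed.get(user, 0) + 1
            if self.failed[user] >= MAX_FAILED:
                self.locked_until[user] = when + LOCKOUT
                self.failed[user] = 0
                return "deny:locked"
            return "deny:bad-credentials"
        self.failed[user] = 0               # success resets the counter
        active = self.sessions.setdefault(user, set())
        if device not in active and len(active) >= MAX_SESSIONS:
            return "deny:too-many-sessions"
        active.add(device)
        return "allow"

def run_sample():
    """Replay constructed login attempts and return each decision."""
    at = lambda h, m=0: datetime(2024, 1, 8, h, m)
    events = [  # constructed sample data: (user, device, time, password_ok)
        ("bob", "laptop", at(2, 30), True),     # valid password, 02:30
        ("alice", "laptop", at(9, 0), True),
        ("alice", "phone", at(9, 5), True),
        ("alice", "kiosk", at(9, 10), True),    # third device
        ("bob", "laptop", at(10, 0), False),
        ("bob", "laptop", at(10, 1), False),
        ("bob", "laptop", at(10, 2), False),    # third failure triggers lockout
        ("bob", "laptop", at(10, 5), True),     # correct password while locked
        ("bob", "laptop", at(10, 20), True),    # lockout ended at 10:17
    ]
    policy = AccountPolicy()
    return [policy.login(*event) for event in events]
```

Each denial reason is worth logging separately, since a run of outside-hours or too-many-sessions denials is the unusual behavior these policies are meant to surface.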