Week 15: Spring cleaning: Part 1 -- Accounts and space

When
Usually quarterly

Why
It's spring and time for spring cleaning. The less there is on your system the less there is to go wrong and to fix when something happens. Like closing credit card accounts you don't use to prevent identity theft, deleting any old or unused accounts is a good practice. How often you need to do this for your systems depends. But make sure the intervals are entered on your perpetual calendar.

Strategy
A user account should be deactivated/deleted when that account is idle for an extended period, say 60 days, or when the user departs for work in another location for an extended period. If you aren't sure if someone will return, deactivate the account. If he has left the organization, delete the account. Before doing either you may want to use a procedure where you archive the user's home directory to tape or a disk. Alternatively or additionally, if someone is taking over the position and will need the information from the previous user, you can search for files belonging to the user and move them using a change ownership type of function. Don't maintain files for a non-existent user. Also verify that these accounts were removed from any groups they belonged to. For any accounts you don't recognize, create a method you can use to determine how accounts you didn't set up were created. One simple way is to require two people on the IT team to create a user account -- one to determine and ascertain privileges and accesses, and another to create the system account.

Also consider looking at your user groups and updating them as well, especially any privileged or trusted accounts. You may also want to keep a current user account roster for each system you're responsible for, including the names of authorized maintenance personnel. This review is also a good time to make sure generic accounts like guest, temp and field maintenance haven't somehow been restored.

More information
Each system's manuals will have information on how to create, modify and delete user accounts.

About the author
Shelley Bard, CISSP, is a senior security network engineer with Verizon Federal Network Systems (FNS). An infosecurity professional for 17 years, Bard has briefed and written infosecurity assessments and technical reports for the White House and Department of Defense, special interest groups, industry and academia.

We'd love to hear from you, please e-mail any comments.

Opinions expressed in this column are those of Shelley Bard and don't necessarily reflect those of Verizon FNS.

Last week: Malicious code -- When viruses and worms run amok
Next week: Spring cleaning: Part 2--Hardware

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Weekly Security Planner,   Password Management and Policy,   Enterprise Identity and Access Management,   Identity Management Technology and Strategy,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Weekly Security Planner Weekly Security Planner: April Weekly Security Planner: March Weekly Security Planner: January Weekly Security Planner: February Weekly Security Planner: December Weekly Security Planner: November Weekly Security Planner: September Weekly Security Planner: October Weekly Security Planner: August Weekly Security Planner: June Password Management and Policy Two-factor authentication, vigilance foil password theft Group to shed light on secure identity management threats Brute force attacks target Yahoo email accounts Best Identity and Access Management Products Privileged account management critical to data security Making the case for enterprise IAM centralized access control How to prevent brute force webmail attacks Best practices for a privileged access policy to secure user accounts Mature SIMs do more than log aggregation and correlation PCI compliance requirement 2: Defaults RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary graphical password  (SearchSecurity.com) identity chaos  (SearchSecurity.com) masquerade  (SearchSecurity.com) onboarding and offboarding  (SearchSecurity.com) OpenID  (WhatIs.com) salt  (SearchSecurity.com) session replay  (SearchSecurity.com) single-factor authentication (SFA)  (SearchSecurity.com) TACACS  (SearchSecurity.com) war dialer  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.