[Cialug] ask CIALUG: test accounts in the modern environment?

Scott Yates Scott at yatesframe.com
Fri May 13 14:56:28 UTC 2022


From a purely security standpoint, test accounts make sense to me at
least.  You can enable and disable them at will, and can include
provisioning/teardown of them in MOPs and the like.


On Fri, May 13, 2022 at 8:25 AM jim kraai <jimgkraai at gmail.com> wrote:

> I'm working for a large government org (four large state universities and
> colleges are well into the process of consolidating their IT systems) with
> enterprise-scale systems, user counts, billing, etc., with the full range
> of historical mainframe, oracle-as-neo-mainframe, a couple of thousand web
> sites, cloud services on the rise, and appear to be 80+% done with a
> migration from OpenLDAP to AD.
>
> I'm getting resistance to the idea of creating test accounts for migrating
> systems that either weren't on OpenLDAP or had hacked/hybridized auth/auth
> code to AD.
>
> I would really appreciate it if anyone would give points on both sides of
> the general argument.
>
> The argument I'm formulating at this moment is that it's more secure and
> less customer-impactful to have known, controllable test accounts to
> perform a full range of tests on than to hunt-and-hope through the existing
> user base for accounts to hijack or to manipulate each other's (devs')
> accounts for testing.
>
> In my ideal world, I'm thinking of a pool of fleshed out accounts as IT
> resources that can each be managed and allocated for internal use with
> something like memberships in a custom security group or having a set of
> custom security attributes to identify the account, support logging, and
> prevent external activities--like billable stuff.

