[Cialug] ask CIALUG: test accounts in the modern environment?
Dave Hala
dave at 58ghz.net
Fri May 13 15:50:37 UTC 2022
What is the argument against creating test accounts?
On Fri, May 13, 2022 at 10:44 AM Jim Cole <jrcole at gmail.com> wrote:
> I won't understand the logic in using real accounts. It's just insane when
> it comes to auditing and for the additional reasons mentioned below.
> I get it if you're lazy but this is not the time to be lazy... do it right.
>
> On Fri, May 13, 2022 at 9:58 AM Scott Yates <Scott at yatesframe.com> wrote:
>
> > From a purely security standpoint, test accounts make sense to me at
> > least. You can enable and disable them at will, and can include
> > provisioning/teardown of them in MOPs and the like.
> >
> >
> > On Fri, May 13, 2022 at 8:25 AM jim kraai <jimgkraai at gmail.com> wrote:
> >
> > > I'm working for a large government org (four large state universities and
> > > colleges are well into the process of consolidating their IT systems) with
> > > enterprise-scale systems, user counts, billing, etc., with the full range
> > > of historical mainframe, oracle-as-neo-mainframe, a couple of thousand web
> > > sites, cloud services on the rise, and appear to be 80+% done with a
> > > migration from OpenLDAP to AD.
> > >
> > > I'm getting resistance to the idea of creating test accounts for migrating
> > > systems that either weren't on OpenLDAP or had hacked/hybridized auth/auth
> > > code to AD.
> > >
> > > I would really appreciate it if anyone would give points on both sides of
> > > the general argument.
> > >
> > > The argument I'm formulating at this moment is that it's more secure and
> > > less customer-impactful to have known, controllable test accounts to
> > > perform a full range of tests on than to hunt-and-hope through the existing
> > > user base for accounts to hijack or to manipulate each other's (devs')
> > > accounts for testing.
> > >
> > > In my ideal world, I'm thinking of a pool of fleshed out accounts as IT
> > > resources that can each be managed and allocated for internal use with
> > > something like memberships in a custom security group or having a set of
> > > custom security attributes to identify the account, support logging, and
> > > prevent external activities--like billable stuff.
> > > _______________________________________________
> > > Cialug mailing list
> > > Cialug at cialug.org
> > > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> > >
--
NIFCAP -The Premier Client Intake System for Non-Profit Organizations.
https://www.osis.us