Esc

Account Locking

D3-AL
D3-AL (Account Locking)

Definition

The process of temporarily disabling user accounts on a system or domain.

How it works

Management servers with enterprise policies for account management provide the ability to enable and disable account for given rules. The rules may include specific periods of time (eg. weekend, plant shutdown, leave periods), specific user types or groups, or individual users.

Considerations

  • Local accounts caches vs centralized account management
  • Single Sign-on
  • Role based vs Attribute based systems

Examples of account configuration stores

  • Directory Services
  • Active Directory
  • RADIUS
  • LDAP
  • Oracle User Account Management
  • JumpCloud
loading...
json
loading...

References

All
Patent

The following references were used to develop the Account Locking knowledge-base article.

(Note: the consideration of references does not imply specific functionality exists in an offering.)

Account monitoring

Reference Type: Patent Organization: Forescout Technologies Author: Chunhui Zhan, Siying Yang
Source: https://patents.google.com/patent/US20190205511A1

Framework for notifying a directory service of authentication events processed outside the directory service

Reference Type: Patent Organization: Oracle International Corp Author: Buddhika Nandana Kottahachchi
Source: https://patents.google.com/patent/US20090077645A1

A knowledge graph of cybersecurity countermeasures