[Cialug] ask CIALUG: test accounts in the modern environment?
Jim Cole
jrcole at gmail.com
Fri May 13 15:43:48 UTC 2022
I wont understand the logic in using real accounts. It's just insane when
it comes to auditing and for the additional reasons mentioned below.
I get it if you're lazy but this is not the time to be lazy..do it right.
On Fri, May 13, 2022 at 9:58 AM Scott Yates <Scott at yatesframe.com> wrote:
> From a purely security standpoint, test accounts make sense to me at
> least. You can enable and disable them at will, and can include
> provisioning/teardown of them in MOP's and the like.
>
>
> On Fri, May 13, 2022 at 8:25 AM jim kraai <jimgkraai at gmail.com> wrote:
>
> > I'm working for a large government org (four large state universities and
> > colleges are well into the process of consolidating their IT systems)
> with
> > enterprise-scale systems, user counts, billing, etc., with the full range
> > of historical mainframe, oracle-as-neo-mainframe, a couple of thousand
> web
> > sites, cloud services on the rise, and appear to be 80+% done with a
> > migration from OpenLDAP to AD.
> >
> > I'm getting resistance to the idea of creating test accounts for
> migrating
> > systems that either weren't on OpenLDAP or had hacked/hybridized
> auth/auth
> > code to AD.
> >
> > I would really appreciate it if anyone would give points on both sides of
> > the general argument.
> >
> > The argument I'm formulating at this moment is that it's more secure and
> > less customer-impactful to have known, controllable test accounts to
> > perform a full range of tests on than to hunt-and-hope through the
> existing
> > user base for accounts to hijack or to manipulate each other's (devs')
> > accounts for testing.
> >
> > In my ideal world, I'm thinking of a pool of fleshed out accounts as IT
> > resources that can each be managed and allocated for internal use with
> > something like memberships in a custom security group or having a set of
> > custom security attributes to identify the account, support logging, and
> > prevent external activities--like billable stuff.
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> >
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
>
More information about the Cialug
mailing list