In: Computer Science
Hi, I would love to answer this question. I hope you will like the answer and get a clear idea of the topic. So, not wasting much time, let's get started.
The question is long and complex, so to keep it organized I will answer it in parts as follows:
Ans.1 Access control is the measure initiated by network security experts to restrict users' access to the network and grant only the limited access that is required. Moving forward, authentication is the method of checking the legitimacy of a user, i.e. whether the user is genuine or a fake user trying to get in; this is done using password policies and multi-factor authentication. Now heading to authorization: authorization is the process of finding out the maximum privileges a user needs to complete their task. For example, an employee will not be authorized to access the server or the admin computer, so that is part of authorization.
All these methods are used to secure the network by restricting and checking the legitimacy of the users of its services, as the PCs are password protected with limited access, resulting in the security of the network.
Ans.2 An account naming convention is a method of keeping usernames unique so that they cannot be easily guessed and tried for brute force. The two things you can keep in mind are: never use a default username, and never directly use your own name, the email domain or related details. These can be made more complex by mixing in the DOB or ID card details; something like these should be mixed with the name or the email, e.g. Devsin3008 for Dev Sinha, whose DOB is 30/08/1998. These can be mixed and made more complex using other methods based on ID and DOB.
Ans.3 Password length and complexity: as a penetration tester I always test for this during an audit or pentest, since this is the most targeted place for brute force attacks, and passwords must be complex enough that they cannot be penetrated so easily. The basic factors that keep password complexity strong are:
Some other aspects asked in the question may be answered as follows: the password must be changed often, resulting in better security, and the last 3 passwords cannot be reused as a new password. While resetting the password, the old password must be asked for and verified for legitimacy.
Ans.4 Server administrative access: access to server administration must be restricted to the server admin only. There must be a policy that no employee gets full access to server administration.
No, server administrators should not be allowed to keep default credentials anywhere on the server; whether or not authentication is in place, default credentials must be removed, whether on Linux or Windows. Dealing with password management, the password complexity must be high and the password information must be restricted to the server admin only, not even the owner unless strictly required. This is the way the network can be provided with a secure environment.
I hope you got your answers and a clear idea of the topic.
Please like the answer and comment if you have any queries about it.
Thanks, and happy to help :)
HAPPY LEARNING
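As an added example (not part of the answer above, and not from any particular product), here is a Python sketch of the account and password rules from Ans.2 and Ans.3: a username check that rejects default names and names copied from the email address, a length/complexity check, a history so the last 3 passwords cannot be reused, and a reset that first verifies the old password. The thresholds (12-character minimum, three of four character classes, three remembered old passwords), the PBKDF2 parameters and the sample account are assumptions chosen for illustration; a real deployment would store the hashes in a database rather than in memory.

```python
"""Password-policy enforcement sketch (added example; all thresholds are assumptions)."""
import hashlib
import hmac
import os
import string

MIN_LENGTH = 12            # assumed minimum length
MIN_CLASSES = 3            # assumed: 3 of lower/upper/digit/symbol
HISTORY_DEPTH = 3          # previous passwords remembered besides the current one
PBKDF2_ITERATIONS = 100_000
# Names an attacker tries first; reject them as account names (assumed list).
DEFAULT_USERNAMES = {"admin", "administrator", "root", "guest", "user", "test"}


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt per stored password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Constant-time comparison so a wrong guess leaks no timing information."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def username_errors(username, email):
    """Ans.2: no default names, and do not reuse the email's local part."""
    errors = []
    lowered = username.lower()
    if lowered in DEFAULT_USERNAMES:
        errors.append("default username")
    if email and lowered == email.split("@")[0].lower():
        errors.append("username copied from email address")
    return errors


def complexity_errors(username, password):
    """Ans.3: length, character classes, and no username inside the password."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append(f"shorter than {MIN_LENGTH} characters")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < MIN_CLASSES:
        errors.append(f"needs at least {MIN_CLASSES} of 4 character classes")
    if username.lower() in password.lower():
        errors.append("contains the username")
    return errors


class Account:
    def __init__(self, username, email, password):
        errors = username_errors(username, email) + complexity_errors(username, password)
        if errors:
            raise ValueError("; ".join(errors))
        self.username = username
        self.email = email
        # (salt, digest) pairs, newest first; index 0 is the current password.
        self.history = [hash_password(password)]

    def authenticate(self, password):
        salt, digest = self.history[0]
        return verify_password(password, salt, digest)

    def change_password(self, old_password, new_password):
        """Return a list of violations; an empty list means the change was applied."""
        # Reset requires proving knowledge of the current password first.
        if not self.authenticate(old_password):
            return ["old password did not verify; change refused"]
        errors = complexity_errors(self.username, new_password)
        # Reuse check covers the current password and the last HISTORY_DEPTH old ones.
        if any(verify_password(new_password, s, d) for s, d in self.history):
            errors.append(f"reuses one of the last {HISTORY_DEPTH} passwords")
        if errors:
            return errors
        self.history.insert(0, hash_password(new_password))
        del self.history[HISTORY_DEPTH + 1:]   # keep current + HISTORY_DEPTH previous
        return []


if __name__ == "__main__":
    # Constructed sample account, not real data.
    acct = Account("dsinha_ops", "dev.sinha@example.com", "Correct-Horse-42")
    print(acct.change_password("Correct-Horse-42", "Correct-Horse-42"))  # reuse rejected
    print(acct.change_password("wrong-guess", "Another-Pass-99"))         # old password refused
    print(acct.change_password("Correct-Horse-42", "Another-Pass-99"))    # []
```

Only hashes ever sit in `history`, so the reuse check has to re-derive each candidate with the stored salt; that is deliberately slow, which is also what makes offline brute force of a leaked store expensive.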