View the User Security Dataset

The User Security dataset provides information about users, and their accounts and privileges that may impact the level of information security available from the visualized environment. An understanding of the capabilities of user accounts may be helpful in planning for application delivery.

Each user account used for logon by a user in the visualized community is analyzed to determine its properties and privileges. User accounts are then categorized by the capabilities of each account. This information may be useful to security architects in validating that the environment has sufficient protections to achieve the information security level desired.

User Security Dataset Perspectives

Each dataset is provided with one or more Perspectives. See View Datasets for more information on dataset perspectives and how to customize your perspective display.

Basic

This perspective offers an overview of users and related information that may be helpful in ensuring the security of the visualized environment. Some security configurations also have implications for how applications are delivered to the user community. Information related to the privilege level afforded each user, password change and expiration states, and logon usage data provides a starting point for user security analysis.

Users with Administrator Privileges

This perspective lists details for users in the visualized environment who operate with administrative privileges enabled. These user accounts should be carefully controlled and monitored to avoid security breaches.

Users with Passwords More than 90 Days Old

This perspective lists details for users in the visualized environment who have not changed their password in the past 90 days. Regular password changes help ensure the integrity of user accounts.

Accounts with no Login During Last 21 Days

This perspective lists user accounts in the visualized environment that have not been used to begin a new interactive login session in the past 21 days.

Users with Operator Privileges

This perspective lists users in the visualized environment who have been granted print operator, communications operator, server operator, or account operator privileges.

Expired User Accounts

This perspective lists user accounts in the visualized environment that have expired.

Accounts with Expired Passwords

This perspective lists user accounts in the visualized environment with passwords that have expired.

Accounts that do not Require a Password

This perspective lists user accounts in the visualized environment that do not require a password.

Accounts where the Password cannot be Changed

This perspective lists user accounts in the visualized environment where the user is not permitted to change the password.

Accounts whose Passwords do not Expire

This perspective lists user accounts in the visualized environment whose passwords has no expiration date.

Accounts where the Password is Stored with Reversible Encryption in AD

This perspective lists user accounts in the visualized environment whose passwords are stored with reversible encryption in the Active Directory.

Sensitive Accounts where Delegation is Prohibited

This perspective lists user accounts in the visualized environment that are marked as sensitive. Other users cannot act as delegates of such user accounts.

Accounts where Logon with a Smartcard is Required

This perspective lists user accounts in the visualized environment where the user is required to logon to the account with a smart card.

Accounts where DES Encryption is Required for Keys

This perspective lists user accounts in the visualized environment where the principle is restricted to use only Data Encryption Standard (DES) encryption type for keys.

Accounts that are Trusted for Delegation

This perspective lists user accounts in the visualized environment where the account is enabled for delegation. This setting allows a service running under the account to assume a client's identity and to authenticate as that user to other remote servers on the network. Accounts with this option enabled should be tightly controlled.

Password Risk Assessment

This perspective shows user accounts (located in the upper right quadrant) that expose the greatest risk to encapsulation/decryption hacking attempts (assuming all accounts follow the same password policy). Accounts with the most authentication challenges and the oldest passwords have transmitted easily cracked security information over the network the greatest number of times.