Case Study #005.01

Scenario

A malicious user has reactivated an inactive user account belonging to an employee who has not used the system for a long time by unlocking it.

Impact

System administrators need to be aware of activities such as unlocking or deleting accounts of users who have left the company or have not logged in for a long time. These accounts could be used for suspicious activities, potentially causing harm to the system.

DefenceMore OCA Capabilities

Defencemore OCA's A020 control captures and lists lock, unlock, and delete activities performed on user accounts. Additionally, the A004 control detects master change activities carried out on user accounts. The captured logs are also recorded on a terminal basis, enabling detailed analysis from the specific PC used.

Related Checks

• A020 Operations On User Accounts
• A004 User Master Record Changing