Administrative user
The access control mechanisms of the system may be further secured by granting administrative rights to only specific users. For each administrative user, there should be two user accounts, one to perform normal user operations, and the other to perform administrative functions. For example, if the user James is a designated administrator he should have a standard system account “james” with no special privileges and an administrative account “admin_james” with administrator rights. This provides accountability where there is more than one administrator on a system. The administrative users should be restricted from logging in to the system from network services using their administrative accounts. This further reduces the risk of the authentication credentials being compromised. To restrict remote access, the configuration of each network service will have to be altered
Add A Comment