Re: [fw-wiz] Security policy & setup for portable computers

From: Paul Robertson (proberts_at_patriot.net)
Date: 06/22/03

    To: Hilal Hussein <hilalma@hotmail.com>
    Date: Sun, 22 Jun 2003 09:59:25 -0400 (EDT)
    
    

    On Sat, 21 Jun 2003, Hilal Hussein wrote:

    > Dear Gentlemen,

    [FWIW, there are a good number of non-male subscribers to the list.]

    >
    > My Boss asked me to write down :
    > 1 - the Password Policy
    > 2 - The Client 'winXP,win98,winNT Workstation' Security Policy
    > 3 - The Information Technology Security Policy in General in our company
    >
    > 1-For the Password Policy, I got lots of documents from the net, and I came
    > out with two policies, one for "the creation of strong passwords, the
    > protection of those passwords, and the frequency of change" and the other is
    > for "how to write down passwords and seal them in an envelope, how to store
    > them and retrieve them appropriately".
    > Q1: do I have to keep it two policies or is it preferable to merge both in
    > one document?

    It depends on if they're for the same audience. Also, you should think
    very seriously about the value of "strong passwords" versus the fact that
    end-users will write them down, and they'll be either in the top desk
    drawer, under the mousepad, on the monitor, or under the keyboard when you
    go to look. Most dictionary programs these days are good enough that the
    value from "strong" passwords is negated for all systems that don't have
    exposure to the Internet and password guessing attacks.

    > One further question: what is the Security policy for a laptop? and what
    > setup should be for the laptop to be secure since users will travel with the
    > laptop using other network or internet connections, then come back to our
    > secure network, I am sure that some extra care should be taken in advance
    > in order not to introduce any vulnerability to our secure network.

    Generally, I'd require up-to-date AV where appropriate (Win*) and some
    sort of local firewall with an approved policy on the laptop itself.
    Encryption of sensitive information is probably a good thing too,
    depending on your local laws.

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    proberts@patriot.net which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

