RE: Best Practice for Screen Savers

From: Tim V - DZ (iceburn@dangerzone.com)
Date: 09/11/02 

From: "Tim V - DZ" <iceburn@dangerzone.com>
To: <security-basics@securityfocus.com>
Date: Wed, 11 Sep 2002 12:45:14 -0500

Totally agreed, but how do you enforce such a policy? Firing people for
forgetting to log out or lock their computer is a tad harsh for most
companies I would imagine. With a screen saver policy set on the domain
(possibly set to use logoff.scr with the "terminate applications" regkey
set) you can at least catch the people that "forget." And then the
station is only vulnerable for 10 minutes, instead of the next morning
at 8 when they come back.

-t

-----Original Message-----
From: rsieber@web.de [mailto:rsieber@web.de]
Sent: Tuesday, September 10, 2002 11:55 PM
To: security-basics@securityfocus.com
Subject: RE: Best Practice for Screen Savers

Hi Chris,

I'dont prefer ss-policies! IMHO 10 minutes are to long
when sb leaves the computer but is to short for working.
For these reasons we have the ploicy that everybody has
to lock his computer when leaving!

Robert

> -----Original Message-----
> From: Chris Hylen [mailto:chris.hylen@unigard.com]
> Sent: Tuesday, September 10, 2002 7:00 PM
> To: security-basics@securityfocus.com
> Subject: Best Practice for Screen Savers
>
>
> Security Pro's-
>
> I am looking for any best practice info or case studies on what
to
> set my companies screen saver password timeout to. It is currently 10
> minutes and I want to know if this is reasonable or if it is to
stringent.
> Any comments welcome.
>
> Thanks,
>
> -Chris
>