Re: Reasons and examples for security
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 12/12/04
- Next message: siljaline: "Re: Incredimail"
- Previous message: Philly lawyer: "McAfee self-disables"
- In reply to: roshak31: "Reasons and examples for security"
- Next in thread: Danny Sanders: "Re: Reasons and examples for security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 12 Dec 2004 17:56:51 GMT
It is standard operating procedure that users have access to only their home folders. As far as password policy I would use the Microsoft document called "Threats and Countermeasures" to help build your case.
--- Steve
http://www.microsoft.com/technet/security/topics/hardsys/tcg/tcgch00.mspx -- Threats and Countermeasures guide with example pasted below
Maximum password age
The Maximum password age setting determines the number of days that a password can be used before the system requires the user to change it.
The possible values for this Group Policy setting are:
- A user specified number in days between 0 and 999
- Not Defined
Vulnerability
Any password can be cracked. With current computing power, breaking even the most complex password is only a matter of time and processing power. Some of the following settings can increase the difficulty level of breaking passwords in a reasonable amount of time. However, frequently changing user passwords in your environment may help reduce the risk of a valid password being cracked, as well as mitigating the risk of someone using a password that has been wrongfully acquired. The maximum password age can be configured so that users are never required to change their passwords, but doing so will result in a major security risk.
Countermeasure
Set Maximum password age to a value between 30 and 60 days. The value for the Maximum Password Age setting can be configured to never expire by setting the number of days to 0.
Potential Impact
Setting the Maximum password age value too low will require users to change their passwords very often. This may actually reduce the security in the organization because it may increase the possibility of users writing their passwords down to avoid forgetting them. Setting the value too high will reduce the level of security within an organization because it will allow a potential attacker a much larger timeframe in which to crack a user's password.
"roshak31" <Roshak31@news.postalias> wrote in message
news:71471564-180B-43B4-944A-B8FA41EB7E34@microsoft.com...
> I am looking for examples to support my case for tighter security. I am
> looking in the area of having to renew passwords at a set time period, which
> is not currently being done. I am also looking to find any supporting
> arguments for not having all home folders of everyone on the network
> available to everyone else on the network.
>
> Any stories and/or arguments that would help my case for stronger security
> would be appreciated.
>
> Thanks,
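
Added example, not part of the original message or of the Microsoft guide: a small Python check that reads the MaximumPasswordAge value from a security policy export and grades it against the 30 to 60 day range the excerpt recommends. The sample text is constructed, the function names are hypothetical, and the script assumes the input is the `[System Access]` INF layout written by `secedit /export /cfg`.

```python
import configparser

# Range recommended in the guide excerpt above, in days.
RECOMMENDED_MIN, RECOMMENDED_MAX = 30, 60

# Constructed sample in the layout of a `secedit /export /cfg policy.inf` file.
# Real exports are usually UTF-16; decode them before passing the text in.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 0
MinimumPasswordLength = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""

def read_max_password_age(inf_text):
    """Return MaximumPasswordAge as an int, or None when it is not defined."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case exactly as exported
    parser.read_string(inf_text)
    raw = parser.get("System Access", "MaximumPasswordAge", fallback=None)
    return None if raw is None else int(raw.strip())

def assess_max_password_age(days):
    """Grade a value against the excerpt's countermeasure."""
    if days is None:
        return "not-defined"
    # The excerpt says 0 means passwords never expire. Assumption: any
    # non-positive value in an export is treated the same way here.
    if days <= 0:
        return "never-expires"
    if days > 999:
        return "out-of-range"   # the setting accepts at most 999 days
    if days < RECOMMENDED_MIN:
        return "too-low"        # frequent changes, passwords get written down
    if days > RECOMMENDED_MAX:
        return "too-high"       # longer window for cracking a password
    return "ok"

def audit(inf_text):
    """Return (days, verdict) for one exported policy file."""
    days = read_max_password_age(inf_text)
    return days, assess_max_password_age(days)

if __name__ == "__main__":
    print(audit(SAMPLE_INF))
```
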