Re: Client Security
2003-05-20 22:17:17
From: Gill, Geoffrey L. [mailto:GEOFFREY.L.GILL AT SAIC DOT COM]
> Security: big topic most of the time and can be confusing when there are
> different variations. With the ability to make any node look like another
> node, what are the best security settings one can set up on the server
> and clients?
How many times do we system administrators have to say it?
intelligent passwords, intelligently handled
Say it again, boys and girls:
intelligent passwords, intelligently handled
95% of all security breaches come from stupid passwords, or intelligent
passwords handled stupidly. In other words:
--Don't give them out.
--Let them expire and reset them.
--Don't write them on slips of paper and tape them to the underside of
the keyboard or to the face of the monitor.
--Only those who have business having them should have them.
--Set password filters where possible.
--Don't allow repeated passwords.
> Should Admin users only be those specified and not let the
> node add one when it is created?
A node *has* to have an admin ID and password when it is created. It
should *not* be made a system password, and system-level IDs should
*not* be used to log into a client for a restore. Just common-sense
stuff.
> Passwordaccess generate. Any issues not using it?
Can you say "no client backups without admin intervention"?
--
Mark Stapleton (mark.stapleton AT berbee DOT com)
Berbee Information Networks
Office 262.521.5627