Access Security
The main point under access security is 'password management'. Every
individual may have more than three or four passwords: machine boot
level, OS level, application level, email level, etc.
Instruct your users to choose passwords of at least 8 characters,
with at least one special character and a mix of upper- and lower-case
alphanumeric characters. Avoid initials, your name, spouse names,
dates of birth, the department number and badge numbers.
Change passwords at a regular interval, say at least once in four
months. And have a system in place where the system gets locked for a
day: after a maximum of five incorrect login attempts, accounts will
be locked for a specified period of time, or until an administrator
resets them.
Password administration rules shall be systematically enforced.
Any exception shall be documented in the agency’s security
program.
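The password rules above (length, character mix, no personal details, four-month rotation, lockout after five failed logins), written out as an added Python example that is not part of the original page. The function and class names, the 120-day reading of "four months", the one-day lock period and the digit requirement are assumptions made for illustration.

```python
from datetime import timedelta
import re

MIN_LENGTH = 8                     # "at least 8 characters"
MAX_AGE = timedelta(days=120)      # assumption: "four months" taken as 120 days
MAX_FAILURES = 5                   # "maximum of five incorrect login attempts"
LOCK_PERIOD = timedelta(days=1)    # assumption: the "specified period" set to one day

def policy_violations(password, personal_details):
    """Return the rules a candidate password breaks (empty list = acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("no mix of upper and lower case")
    if not re.search(r"[0-9]", password):   # assumption: "alphanumeric" needs a digit
        problems.append("no digit")
    lowered = password.lower()
    for detail in personal_details:          # name, initials, birth date, badge number
        if len(detail) >= 2 and detail.lower() in lowered:
            problems.append("contains personal detail: " + detail)
    return problems

def is_expired(last_changed, now):
    """True once the password is older than the rotation interval."""
    return now - last_changed > MAX_AGE

class LockoutTracker:
    """Counts consecutive failed logins per account and locks after the fifth."""
    def __init__(self):
        self.failures, self.locked_until = {}, {}

    def record_attempt(self, user, success, now):
        """Return True if the login is accepted, False if it failed or is locked."""
        if now < self.locked_until.get(user, now):
            return False           # a correct password is still refused while locked
        if success:
            self.failures[user] = 0
            return True
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_FAILURES:
            self.locked_until[user] = now + LOCK_PERIOD
            self.failures[user] = 0
        return False

    def admin_reset(self, user):   # "or until administrator resets"
        self.locked_until.pop(user, None)
        self.failures[user] = 0
```

The `success` flag is expected to come from the real credential check; the tracker only decides whether the result may be honoured.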
Remote access has already been discussed. Ensure that the remote user
is properly identified using the login password as well as the
telephone that is used for RAS. This applies to Virtual Private
Networks too. Maintain and review a log of remote connections.
Identify the machines where only a specific application has to be
run. Fix the IP address of each such machine and limit access to the
application to only those machines authorized to use it.