Implementing a Secure Password Policy
----------------------------------------------------------
Permission is granted for the below article to forward, reprint,
distribute, use for ezine, newsletter, website, offer as free
bonus or part of a product for sale as long as no changes are
made and the byline, copyright, and the resource box below is
included.
----------------------------------------------------------
Implementing a Secure Password Policy
By Stephen Bucaro
I don't need to tell you the importance of good network security
- but I will. If your network is compromised, competitors could
obtain information about where your company gets their
resources, steal your company's research, learn your company's
marketing plans, and gain other sensitive information that could
destroy your company's competitive advantage. The loss of
competitive advantage could require your company to reduce its
labor force - in other words you could lose your job.
If your company's network is compromised, identity thieves could
use your company's customers' credit card numbers and social
security numbers to steal their identities and destroy their
lives. And it's not only your company's customers who are going
to suffer. When the source of the security breach is traced to
your company, the result will be a negligence lawsuit. And after
you get a reputation for being incompetent in the area of
network security, try to get a network administrator job at
another company.
Having a secure password policy is the front line of network
security. What good are a firewall and anti-virus protection if
hackers can easily log on and have their way with your network?
A secure password policy requires the following steps:
- Require users to create secure passwords
- Configure your system for password security
- Disable default administrator accounts
- Create a written password security policy
- Continuously communicate the password policy
How a Password Cracking Program Works
Hackers trying to break into your company's network will use a
"password cracking" program. The program runs continuously on
one or more computers. At predefined intervals it attempts to
log on to your company's network using the next username and
password in sequence in its dictionary. After a predefined
number of failed attempts, it will wait for a predefined
interval before making another attempt.
A password cracking program is not so aggressive that its
activities are easily detectable. You'll never know about the
hacker's activities unless you carefully analyze your server
logs. A hacker will continue to run the password cracking
program for years. They have lots of patience because, after
all, they are just sitting watching TV while the password
cracking program tries to break into your company's network. And
when it finally breaks into your system, the hacker can sell
your company's customers' personal information for hundreds of
thousands of dollars.
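The log analysis mentioned above, as an added example that is not part
of the original article: it totals failed logons per source over days
rather than minutes, which is where a slow guesser becomes visible. The
log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format): time, result, user, source.
SAMPLE_LOG = """\
2005-03-01T08:02:11 FAIL user=jsmith src=10.0.0.21
2005-03-01T08:02:30 FAIL user=jsmith src=10.0.0.21
2005-03-01T08:02:52 OK user=jsmith src=10.0.0.21
2005-03-01T23:10:00 FAIL user=administrator src=203.0.113.7
2005-03-02T05:10:00 FAIL user=administrator src=203.0.113.7
2005-03-02T11:10:00 FAIL user=sa src=203.0.113.7
2005-03-02T17:10:00 FAIL user=jsmith src=203.0.113.7
2005-03-03T23:10:00 FAIL user=administrator src=203.0.113.7
2005-03-04T05:10:00 FAIL user=sa src=203.0.113.7
2005-03-04T11:10:00 OK user=sa src=203.0.113.7
""".splitlines()


def parse(line):
    """Split one log line into (time, succeeded, user, source)."""
    stamp, result, user, src = line.split()
    return (datetime.fromisoformat(stamp), result == "OK",
            user.split("=", 1)[1], src.split("=", 1)[1])


def slow_guessers(lines, min_failures=5, min_span=timedelta(days=1)):
    """Report sources whose failed logons are spread over a long period.

    Each failure alone looks like a typo; the pattern only shows when
    failures are totalled per source over days instead of minutes.
    """
    fails, wins = defaultdict(list), defaultdict(set)
    for line in lines:
        when, ok, user, src = parse(line)
        if ok:
            wins[src].add(user)
        else:
            fails[src].append((when, user))
    report = {}
    for src, events in fails.items():
        times = [t for t, _ in events]
        span = max(times) - min(times)
        if len(events) >= min_failures and span >= min_span:
            report[src] = {"failures": len(events),
                           "users": sorted({u for _, u in events}),
                           "span_hours": span.total_seconds() / 3600,
                           # any success from such a source needs response
                           "logged_on_as": sorted(wins.get(src, ()))}
    return report
```

The user who mistypes twice and then logs on is not reported; the source
that fails six times over 54 hours is, together with the account it
finally logged on as.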
Require Users to Create Secure Passwords
Your job, as network administrator, is to force users to create
passwords that are very time consuming for the password cracking
program to discover. In order to do this, users must create
passwords that are not at the beginning of the password cracking
program's dictionary. If one of your users thinks it's cute to
use the name of their pet as a password, I can assure you that
the word "scooter" is very close to the beginning of the
cracker's dictionary. Your network's security might not last the
week.
Require your users to create passwords that comply with the
following rules:
- Don't use a person's name, pet's name, street name, or name of
an activity, event, place or thing
- Don't use any word that would be in the dictionary
- Make the password long, the longer the better (some systems
have a maximum password length)
- Use a combination of letters and numbers
- Use special characters, like underscore or exclamation mark (if
your system allows special characters)
- Use a combination of uppercase and lowercase letters (if your
system's passwords are case sensitive).
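One way to enforce the rules above when a user picks a password, as an
added example that is not part of the original article. The function
name, the 12-character minimum and the tiny word list are assumptions;
a real check needs a full dictionary and name list.

```python
import re

# Constructed stand-in for a real word and name list (assumption); in
# practice load a full dictionary plus staff, pet, street and place names.
WORDLIST = {"scooter", "password", "chicago", "baseball", "stephen"}

# Undo common character swaps that a cracking dictionary also tries.
UNSWAP = str.maketrans("013457@$!", "oieastasi")


def password_problems(password, min_length=12, max_length=None,
                      allow_special=True, case_sensitive=True,
                      wordlist=WORDLIST):
    """Return the rules a proposed password breaks (empty list = accepted)."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if max_length is not None and len(password) > max_length:
        problems.append("longer than the system allows")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"[0-9]", password)):
        problems.append("needs letters and numbers")
    if case_sensitive and not (re.search(r"[a-z]", password)
                               and re.search(r"[A-Z]", password)):
        problems.append("needs uppercase and lowercase")
    if allow_special and not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs a special character")
    # Dictionary check: "Scooter1!" and "Sc00ter!2005" are still "scooter"
    # once padding is stripped from the ends and swaps are undone.
    lowered = password.lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if {core, core.translate(UNSWAP), lowered.translate(UNSWAP)} & set(wordlist):
        problems.append("dictionary word or name")
    return problems
```

"Sc00ter!2005" passes every character rule and is still rejected,
because it is the pet's name with decoration.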
Configure Your System for Password Security
A hacker's password cracking program can be thwarted by the
following system configurations:
- Lock out a user's account after a certain number of failed
logon attempts. Sure, a user might arrive in the morning with a
hangover and screw up their password two or three times, but
more failed attempts than that is probably the result of a
hacker. Configure the system to lock out a user's account after
an unreasonable number of failed logon attempts.
- Configure the time interval of the failed logon attempts lock
out. If users understand that after they mistype their
password x number of times, they need to wait 30 minutes before
making another logon attempt, they shouldn't be too annoyed. The
longer the time interval of failed logon attempts lock out, the
more it thwarts hackers. Unfortunately, long lock out periods
can occasionally be a problem for a legitimate user.
- Configure your system to expire passwords periodically.
Imagine a password cracking program that has attempted millions
of passwords from its dictionary and is getting closer every day
to the actual password - and then the password changes. The more
frequently passwords change, the more secure the system is.
Configure your system to expire passwords every 60 days or more
frequently.
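How the three settings above interact, as an added example that is not
part of the original article: a small model of lockout threshold,
lockout duration and password expiry, plus a count of how many guesses
the system will still evaluate. The class and function names and the
threshold of 5 are assumptions; 30 minutes and 60 days come from the text.

```python
from datetime import datetime, timedelta


class LogonPolicy:
    """Lockout threshold, lockout duration and password expiry."""

    def __init__(self, threshold=5, lockout=timedelta(minutes=30),
                 max_age=timedelta(days=60)):
        self.threshold, self.lockout, self.max_age = threshold, lockout, max_age
        self.failures = {}      # user -> consecutive failed logons
        self.locked_until = {}  # user -> time the current lockout ends
        self.changed = {}       # user -> time the password was last set

    def set_password(self, user, now):
        self.changed[user] = now
        self.failures[user] = 0
        self.locked_until.pop(user, None)

    def logon(self, user, password_ok, now):
        """Return 'locked', 'failed', 'expired' or 'ok' for one attempt."""
        if now < self.locked_until.get(user, now):
            return "locked"   # the guess is not evaluated during a lockout
        if not password_ok:
            self.failures[user] = self.failures.get(user, 0) + 1
            if self.failures[user] >= self.threshold:
                self.locked_until[user] = now + self.lockout
                self.failures[user] = 0
            return "failed"
        self.failures[user] = 0
        if now - self.changed.get(user, now) > self.max_age:
            return "expired"  # right password, but it must be changed
        return "ok"


def guesses_evaluated(policy, period, step=timedelta(minutes=1)):
    """Count wrong guesses the system actually checks when one account is
    tried once per step for the whole period (worst case for the defender)."""
    start = datetime(2005, 1, 1)  # constructed start time
    policy.set_password("victim", start)
    count, now = 0, start
    while now < start + period:
        count += policy.logon("victim", False, now) == "failed"
        now += step
    return count
```

With these settings, guesses_evaluated(LogonPolicy(), timedelta(days=60))
returns 12710: that is every guess one account can receive before the
password changes, however patient the cracking program is.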
Disable Default Administrator Accounts
Upon installation, many operating systems and software
applications have default accounts. Everybody knows the default
administrator user name for a Windows server is "Administrator".
Everybody knows the default administrator user name for SQL
Server is "sa" and that, by default, this user name requires no
password. Perform an audit of all the software and hardware
(routers, switches, etc.) on your network to make sure they are
not using a default account.
Create a Written Password Security Policy
Put your password security policy in writing. In addition to the
items already discussed in this article, put the following rules
in your written security policy:
- Don't reveal your password to ANYONE - not a fellow employee
(who may quit or get fired and then use your password) - not a
service technician (A hacker might call pretending to be a
technical support person who needs a password to troubleshoot a
problem). If a legitimate technical support person needs your
password, change your password immediately afterward. Many
security breaches occur when a user purposely reveals their
password.
- Don't let anyone look over your shoulder while you log on, and
in return don't look over anyone else's shoulder while they log
on.
- Don't leave your computer unattended while logged on. Log off,
go for coffee, log on.
- Don't leave paper or digital media containing sensitive data
lying around. You can't be sure that outside visitors won't
enter your area. You can't be sure that a fellow employee isn't
out to cause damage to your company.
- Don't discard paper or digital media in public waste
containers. "Dumpster diving" is a common way for thieves to
acquire sensitive information.
Continuously Communicate the Password Policy
Many users hate password policies. They prefer to create a
password that is cute and memorable, and never change it. They
prefer to be friendly and cooperative with fellow employees and
outsiders and share their passwords. They don't understand the
value of the company's information and don't like to take the
time to be vigilant about not leaving it lying around, or
disposing of it properly.
As network administrator, it's your responsibility to
continuously communicate and promote the password security
policy. Use the company newsletter and meetings to reiterate the
password security policy. Also communicate WHY the password
security policy is necessary. WHY do employees need to comply
with the company's password policy? What will be the inevitable
result of failure to comply with the policy? Employees will
demonstrate much better conformance to any rules if they
understand WHY the rules are necessary.
----------------------------------------------------------
Resource Box: Copyright(C)2005 Bucaro TecHelp. FREE ebooks,
software, graphics, certification self tests, Java Script and
CSS cut-and-paste code. Learn PC Anatomy, find FREE diagnostic
Tools and technical assistance. Learn how to start your own
online business and much more! You never know what you'll find
at bucarotechelp.com
----------------------------------------------------------