System Administrator?
Security specialist?
Management?
Exclusively Windows?
Mostly/exclusively Linux/UNIX?
#7: PROCRASTINATION!!!
#1: Weak and default passwords
Verify that no default or empty passwords are in use
Educate users on selecting good passwords (Thompson test)
No word or pair of words
Should be at least 10 chars (15-20 better)
Not based on personal info: SO, chil’n, car tag, hobby/interests
Do not use terms for computing or Science Fiction
Do not rely on capitalization
Do not rely on substitutions (zero for "oh", one for "el")
Use cracklib, etc. to ensure good passwords are selected
Use crack, etc. to try to crack passwords
(with written management approval)
Avoid unencrypted passwords on disk and over network
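The selection rules above expressed as a checker, as an added example that is not part of the original slides. The word lists are small constructed samples, and the function names and the substitutions beyond zero and one are assumptions.

```python
import re

# Constructed sample word lists; a real deployment would load a full
# dictionary (for example the one cracklib uses) instead.
DICTIONARY = {"correct", "horse", "purple", "monkey", "dragon", "summer", "password"}
JARGON = {"root", "admin", "linux", "kernel", "vulcan", "klingon", "jedi", "tardis"}

# Undo the substitutions the slide names (zero for "oh", one for "el"),
# plus a few other common ones (an assumption beyond the slide).
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                               "5": "s", "$": "s", "@": "a"})
MIN_LENGTH = 10


def normalize(password):
    """Lowercase and reverse substitutions so neither trick adds strength."""
    return password.lower().translate(SUBSTITUTIONS)


def letters_only(text):
    """Drop digit/punctuation padding so 'Dragon99!' is still seen as 'dragon'."""
    return re.sub(r"[^a-z]", "", normalize(text))


def is_word_or_pair(text, words):
    """True if text is one word from `words` or two of them joined."""
    if text in words:
        return True
    return any(text[:i] in words and text[i:] in words for i in range(1, len(text)))


def check_password(password, personal_info=()):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 10 characters")
    core = letters_only(password)
    if is_word_or_pair(core, DICTIONARY | JARGON):
        problems.append("word or pair of words")
    if any(term in core for term in JARGON):
        problems.append("computing or science fiction term")
    personal = [letters_only(item) for item in personal_info]
    if any(item and item in core for item in personal):
        problems.append("based on personal info")
    return problems
```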
#2: Open network ports
Turn off NFS, portmap, mountd, telnet, FTP, lpd/cups, auth, etc.