Educause Security Discussion mailing list archives

Re: Don't Display Last Username??

From: Gary Dobbins <dobbins () ND EDU>
Date: Thu, 11 Oct 2007 15:29:49 -0400

It also discloses the recent whereabouts of the individual last at that
computer, which may have privacy implications.

-----Original Message-----
From: Jarrod Millman [mailto:millman () BERKELEY EDU]
Sent: Thursday, October 11, 2007 3:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Don't Display Last Username??

On 10/11/07, Gibson, Nathan J. (HSC) <Nathan-Gibson () ouhsc edu> wrote:

Every " security best practices" document I have read suggests

enabling

this setting on the domain, however I need to justify it. I have a

list that

has some good points but I wanted to see the justification other

security

practitioners have for their organization.


I think the main reason is that to gain access to most computers
requires at least two things: 1) a login name and 2) a password.  If a
computer displays the last user's login, then one of the two pieces of
information needed to gain access is exposed.

--
Jarrod Millman
Computational Infrastructure for Research Labs
10 Giannini Hall, UC Berkeley
phone: 510.643.4014
http://cirl.berkeley.edu/

Current thread:

Don't Display Last Username?? Gibson, Nathan J. (HSC) (Oct 11)
- <Possible follow-ups>
- Re: Don't Display Last Username?? Rizzo, Jim (Oct 11)
- Re: Don't Display Last Username?? Jarrod Millman (Oct 11)
- Re: Don't Display Last Username?? Gregg, Christopher S. (Oct 11)
- Re: Don't Display Last Username?? Gary Dobbins (Oct 11)
- Re: Don't Display Last Username?? Cal Frye (Oct 11)
- Re: Don't Display Last Username?? Dennis Tracz (Oct 11)
- Re: Don't Display Last Username?? Eric Case (Oct 11)
- Re: Don't Display Last Username?? Matthew Keller (Oct 12)
- Re: Don't Display Last Username?? Abreu, Jose A (Oct 12)