Educause Security Discussion mailing list archives
Re: Don't Display Last Username??
From: Gary Dobbins <dobbins () ND EDU>
Date: Thu, 11 Oct 2007 15:29:49 -0400
It also discloses the recent whereabouts of the individual last at that computer, which may have privacy implications.
-----Original Message----- From: Jarrod Millman [mailto:millman () BERKELEY EDU] Sent: Thursday, October 11, 2007 3:00 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Don't Display Last Username?? On 10/11/07, Gibson, Nathan J. (HSC) <Nathan-Gibson () ouhsc edu> wrote:Every " security best practices" document I have read suggestsenablingthis setting on the domain, however I need to justify it. I have alist thathas some good points but I wanted to see the justification othersecuritypractitioners have for their organization.I think the main reason is that to gain access to most computers requires at least two things: 1) a login name and 2) a password. If a computer displays the last user's login, then one of the two pieces of information needed to gain access is exposed. -- Jarrod Millman Computational Infrastructure for Research Labs 10 Giannini Hall, UC Berkeley phone: 510.643.4014 http://cirl.berkeley.edu/
Current thread:
- Don't Display Last Username?? Gibson, Nathan J. (HSC) (Oct 11)
- <Possible follow-ups>
- Re: Don't Display Last Username?? Rizzo, Jim (Oct 11)
- Re: Don't Display Last Username?? Jarrod Millman (Oct 11)
- Re: Don't Display Last Username?? Gregg, Christopher S. (Oct 11)
- Re: Don't Display Last Username?? Gary Dobbins (Oct 11)
- Re: Don't Display Last Username?? Cal Frye (Oct 11)
- Re: Don't Display Last Username?? Dennis Tracz (Oct 11)
- Re: Don't Display Last Username?? Eric Case (Oct 11)
- Re: Don't Display Last Username?? Matthew Keller (Oct 12)
- Re: Don't Display Last Username?? Abreu, Jose A (Oct 12)