Security Basics mailing list archives
RE: Undeliverable: RE: [fw-wiz] HTTPS, proxies, and remote developers.
From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 23 Jun 2003 11:35:10 -0700
From: Hilal Hussein [mailto:hilalma () hotmail com] 1-For the Password Policy, i got lots of documents from the net, and i came out with two policies, one for "the creation of strong passwords, the protection of those passwords, and the frequency of change" and the other is for "how to write down passwords and seal them in an envelope, how to store them and retrieve them appropriately".
Q1: do I have to keep it two policies or it is perferable to merge both in one document?
I prefer "THE Password Policy" to "Which password policy covers this?" I would, however, add a third section that deals with sharing / revealing / cracking of passwords. Make it clear (a) that cracking is not allowed, (b) that sharing is not allowed, and that (c) unless their is reason to believe that a *strong* (back to one of your existing pieces) password was cracked, the account's user of record will be held accountable for all use made. David Gillett --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- Re: Undeliverable: RE: [fw-wiz] HTTPS, proxies, and remote developers. Hilal Hussein (Jun 23)
- RE: Undeliverable: RE: [fw-wiz] HTTPS, proxies, and remote developers. David Gillett (Jun 24)