Educause Security Discussion mailing list archives

Re: SECURITY Digest - 13 Dec 2006 to 14 Dec 2006 (#2006-251)


From: Dan Schneider <dan.schneider () DOANE EDU>
Date: Fri, 15 Dec 2006 08:04:02 -0600

We did it 3 years ago, and it was one of the best things we've ever
done! 

-----Original Message-----
From: SECURITY automatic digest system
[mailto:LISTSERV () LISTSERV EDUCAUSE EDU] 
Sent: Thursday, December 14, 2006 11:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: SECURITY Digest - 13 Dec 2006 to 14 Dec 2006 (#2006-251)

There are 8 messages totalling 704 lines in this issue.

Topics of the day:

  1. One network or two?
  2. passworded screen savers with timeouts, why? (6)
  3. Security 504: SANS Hacker Techniques - March 26 - 31, Norwood, MA

----------------------------------------------------------------------

Date:    Thu, 14 Dec 2006 13:55:59 -0500
From:    jkaftan <jkaftan () UTICA EDU>
Subject: One network or two?

How are you handling your ResNet?

Currently we are sharing our LAN hardware with the students.  We are
separated by VLANs and ACLs.  We also share a FW and a edge router.
There are times when the student activity affects the admin side.  Also
I am always worried about security.

We are in the process of ordering a second ISP for redundancy.  This
gives me the option of completely separating our networks.  That would
give me greater security as students would have to go to the internet
and through the Admin firewall in order to access resources.

I am not sure if I should do that.  What are you doing and how does it
work for you?

Thanks.





  

------------------------------

Date:    Thu, 14 Dec 2006 16:43:42 -0500
From:    Michael Fox <Mfox () GEORGIASOUTHERN EDU>
Subject: passworded screen savers with timeouts, why?

We are in the implementation stage of password and workstation
policies. My question, which comes from a number of users, is why a
screen saver with a timeout period that requires entering a password
when unlocking the screen saver?

I have my answers (not a lot) for this but I would like to see what
others would have to say about this. It is part of a DID from my
perspective, but not the only piece for the workstation.

Any opinions about this one way or another would be appreciated
(hopefully most would be for locking the workstation). 

Oh, by the way we are doing this with Novell Zenworks.

Thanks in advance,

Mike

Mike Fox
Georgia Southern University
Information Technology Services
Office of Information Security
mfox () georgiasouthern edu
(912)871-1592

Jeremiah 29:11-16

------------------------------

Date:    Thu, 14 Dec 2006 17:15:32 -0500
From:    Manuel Amaral <Manuel.Amaral () OLIN EDU>
Subject: Security 504: SANS Hacker Techniques - March 26 - 31, Norwood, MA

All;

    On behalf of NERCOMP, I'd like to announce another SANS EDU course,
Security 504: SANS Hacker Techniques, Exploits and Incident Handling
(GCIH) being held in Norwood, MA on March 26 - 31, 2007.
    NERCOMP sponsored the Security 401: SANS Security Essentials with
Bootcamp in June.  We had a reasonable turnout however we're hoping to
register even more people for this great course.  Please help us spread
the word and forward this to anyone who may be interested.

Regards,
Manny

-----------------------------------
Manuel (Manny) Amaral
Associate Director, Information Technology
Franklin W. Olin College of Engineering

Dear Friends,

We are excited to announce that NERCOMP and SANS will be sponsoring a 6 day course.

Registration is now open for NERCOMP's upcoming workshop:
"SECURITY 504: SANS HACKER TECHNIQUES, EXPLOITS & INCIDENT HANDLING (GCIH)"

DATE:
March 26 - 31, 2007

TIME:
9:00am - 5:00pm (Coffee and Registration start at 7:15am)

PRICE:
Take advantage of the early registration discount.
Payments received by February 7, 2007: NERCOMP Members: $1250, Non-Members: $1550

Payments received after February 7, 2007: NERCOMP Members: $1750,
Non-Members: $2000

The conference fee includes a buffet luncheon and continuous morning and
afternoon breaks every day.

LOCATION:
Four Points Sheraton Hotel & Conference Center
1125 Boston Providence Turnpike
Norwood, MA.


DESCRIPTION:
If your organization has an Internet connection and one or two
disgruntled employees (and whose doesn't!), your computer systems will
get attacked. From the five, ten, or even one hundred daily probes
against your Internet infrastructure to the malicious insider slowly
creeping through your most vital information assets, attackers are
targeting your systems with increasing viciousness and stealth.

By helping you understand attackers' tactics and strategies in detail,
giving you hands-on experience in finding vulnerabilities and
discovering intrusions, and equipping you with a comprehensive incident
handling plan, the in-depth information in this course helps you turn
the tables on computer attackers. This course addresses the latest
cutting-edge insidious attack vectors and the "oldie-but-goodie" attacks
that are still so prevalent, and everything in between. Instead of
merely teaching a few hack attack tricks, this course includes a
time-tested, step-by-step process for responding to computer incidents,
a detailed description of how attackers undermine systems so you can
prepare, detect, and respond to them, and a hands-on workshop for
discovering holes before the bad guys do. Additionally, the course
explores the legal issues associated with responding to computer
attacks, including employee monitoring, working with law enforcement,
and handling evidence.

This challenging course is particularly well suited to individuals who
lead or are a part of an incident handling team. Furthermore, general
security practitioners, system administrators, and security architects
will benefit by understanding how to design, build, and operate their
systems to prevent, detect, and respond to attacks.

For a full schedule and registration information, please go to:
http://www.nercomp.org/events/event_single.aspx?id=664

We would be grateful if you would pass this announcement on to friends
and colleagues who might find it of interest.

To view other SIGs events, click here:
http://www.nercomp.org/events/upcoming_events.aspx

Thank you very much. We hope to see you on March 26th.



------------------------------

Date:    Thu, 14 Dec 2006 17:00:47 -0500
From:    Selden E Ball Jr <seb () LEPP CORNELL EDU>
Subject: Re: passworded screen savers with timeouts, why?

Mike wondered

 We are in the implementation stage of password and workstation
policies. My question, which comes from a number of users, is why a
screen saver with a timeout period that requires entering a password
when unlocking the screen saver?

What alternatives are being considered?

The term "screensaver" is a misnomer these days, since most really don't
try to prevent phosphor burnin, the original intent.

"Password protected screensavers with timeouts" are a way to
a) prevent unauthorized access to a desktop system
b) when the user leaves for an unexpectedly long time
c) without losing whatever work is currently in progress.

The alternatives that I can think of are worse:

a) leave the computer desktop unprotected when one is
   away from the physical desk -- you don't know who might wander by
   who would be interested in what you're doing or who might make
   some unnoticed modification to something.

b) always having to remember to manually lock the desktop -- it's too
   easy to forget

c) forcing a complete logout may cause the loss of work and certainly
   a loss of time when one has to reopen all the programs and
   windows that were in use.


Selden
======
Selden E. Ball, Jr.

Cornell University                        Voice: +1-607-255-0688 
Laboratory for Elementary-Particle Physics  FAX: +1-607-255-8062
LT105 R. R. Wilson Laboratory
http://www.lepp.cornell.edu/~seb/
Dryden Road                            Internet: SEB () LEPP CORNELL EDU
Ithaca, NY, USA 14853-8001          HEPnet/SPAN: LNS62::SEB = 44284::SEB

------------------------------

Date:    Thu, 14 Dec 2006 16:35:30 -0600
From:    Chris Green <cmgreen () UAB EDU>
Subject: Re: passworded screen savers with timeouts, why?

I'm assuming by timeouts you mean the screensaver engages after N
minutes of inactivity.
The reason is to tie the user's logged in state to their actual
identity.  If someone walks away, someone can now do activity under the
user's account.

An example I use here:  If you're logged into our ERP application, you
can do self-service payroll adjustment.  Wouldn't you hate if someone
just sat down and changed YOUR direct deposit to THEIR account?

Since people tend to use multiple applications, I try to use the
workstation as the place to do locking so people don't have to then get
into the other 4 applications that have timed out since they went to
lunch.

That said, it's still a very hard sell in some areas.




------------------------------

Date:    Thu, 14 Dec 2006 14:49:51 -0800
From:    Bob Kehr <rskehr () UCDAVIS EDU>
Subject: Re: passworded screen savers with timeouts, why?

We, too, have this policy. It can be a hard sell.

Out of curiosity, what is your prescribed time of inactivity before the
screensaver engages? What environments is it used in (including faculty
offices?)?

-Bob


------------------------------

Date:    Thu, 14 Dec 2006 16:59:50 -0600
From:    Bruce Curtis <bruce.curtis () NDSU EDU>
Subject: Re: passworded screen savers with timeouts, why?


On Dec 14, 2006, at 4:35 PM, Chris Green wrote:


That said, it's still a very hard sell in some areas.

   I haven't seen this anywhere yet but with bluetooth on more computers
and phones and PDAs it would be convenient for the user if the screen
unlocked when they returned after the user's phone/PDA and computer did
some kind of secure exchange.

   This introduces new dangers if someone else has access to your phone
or PDA but it would be an improvement over having no auto lockout at
all.

    Other possible features could be thought of such as you might still
be required to enter a password if you have been away from your
computer for more than 4 hours or overnight etc.


---
Bruce Curtis                         bruce.curtis () ndsu edu
Certified NetAnalyst II                701-231-8527
North Dakota State University



------------------------------

Date:    Thu, 14 Dec 2006 17:11:02 -0600
From:    Chris Green <cmgreen () UAB EDU>
Subject: Re: passworded screen savers with timeouts, why?

15 minutes is our timeout.  Public stations (libraries, labs) log out
automatically after 15 minutes. There are no screensavers
implemented in rooms where presentations are done.

Due to our HIPAA implementation, roughly 50% of campus is required to
(decision is on a school-by-school basis). We have a central desktop
service center and departments can also run their own services. In our
central desktop group, we've engaged it for almost all customers but
individual departments can choose to acknowledge the risks and leave it
off for one or all workstations.

Some of the things we've run into:

* Make sure you communicate to the affected folks! We relied on trickle
down for these changes and that trickle didn't happen in all areas.
* Lab Equipment that is shared across multiple people
* Conference Rooms
* Shared, but not public, workstations:  Unlocking a desktop in a shared
office
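Added example, not from the list thread: a PowerShell audit of a Windows workstation against the 15-minute, password-required lock policy described above. It assumes the standard Windows screen-saver registry values (ScreenSaveActive, ScreenSaverIsSecure, ScreenSaveTimeOut) and reads both the Group Policy hive and the user's own hive; how Novell Zenworks writes these settings is not on the page and is not modelled.

```powershell
# Assumption: the standard Windows screen-saver values. A value under the
# Policies key is enforced by policy; a value only under Control Panel\Desktop
# is the user's own preference and can be changed (or switched off) by the user.
$PolicyKey = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$UserKey   = 'HKCU:\Control Panel\Desktop'

function Get-EffectiveValue {
    param([string]$Name)
    # Policy value wins if present; otherwise fall back to the user's setting.
    foreach ($key in @($PolicyKey, $UserKey)) {
        if (Test-Path $key) {
            $v = (Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue).$Name
            if ($null -ne $v) {
                return [pscustomobject]@{ Value = $v; Enforced = ($key -eq $PolicyKey) }
            }
        }
    }
    return $null
}

function Test-LockPolicy {
    # Default 900 s = the 15-minute timeout Chris Green describes.
    param([int]$MaxSeconds = 900)
    $active  = Get-EffectiveValue 'ScreenSaveActive'
    $secure  = Get-EffectiveValue 'ScreenSaverIsSecure'
    $timeout = Get-EffectiveValue 'ScreenSaveTimeOut'
    $findings = @()

    if (-not $active -or $active.Value -ne '1') {
        $findings += 'screen saver is not enabled'
    }
    if (-not $secure -or $secure.Value -ne '1') {
        $findings += 'unlocking does not require a password'
    }
    $seconds = if ($timeout) { [int]$timeout.Value } else { 0 }
    if ($seconds -le 0 -or $seconds -gt $MaxSeconds) {
        $findings += "timeout is $seconds s; policy allows at most $MaxSeconds s"
    }
    # Even a correct setting is weak if the user can simply turn it off.
    foreach ($s in @($active, $secure, $timeout)) {
        if ($s -and -not $s.Enforced) {
            $findings += 'at least one required value is set in the user hive only (not enforced by policy)'
            break
        }
    }

    [pscustomobject]@{
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

Test-LockPolicy | Format-List
```

Run it under the account whose desktop you are checking, since both keys live under HKCU.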


------------------------------

End of SECURITY Digest - 13 Dec 2006 to 14 Dec 2006 (#2006-251)
***************************************************************
