Firewall Wizards mailing list archives
Re: Security policy & setup for portable computers
From: Paul Robertson <proberts () patriot net>
Date: Sun, 22 Jun 2003 09:59:25 -0400 (EDT)
On Sat, 21 Jun 2003, Hilal Hussein wrote:
> Dear Gentlemen,
[FWIW, there are a good number of non-male subscribers to the list.]
> My Boss asked me to write down:
> 1 - the Password Policy
> 2 - the Client 'winXP, win98, winNT Workstation' Security Policy
> 3 - the Information Technology Security Policy in general in our company
>
> 1 - For the Password Policy, I got lots of documents from the net, and I came out with two policies, one for "the creation of strong passwords, the protection of those passwords, and the frequency of change" and the other for "how to write down passwords and seal them in an envelope, how to store them and retrieve them appropriately".
> Q1: Do I have to keep it as two policies, or is it preferable to merge both into one document?
It depends on if they're for the same audience. Also, you should think very seriously about the value of "strong passwords" versus the fact that end-users will write them down, and they'll be either in the top desk drawer, under the mousepad, on the monitor, or under the keyboard when you go to look. Most dictionary programs these days are good enough that the value from "strong" passwords is negated for all systems that don't have exposure to the Internet and password guessing attacks.
> One further question: what is the security policy for a laptop? And what setup should there be for the laptop to be secure, since users will travel with the laptop using other networks or internet connections, then come back to our secure network? I am sure that some extra care should be taken in advance in order not to introduce any vulnerability to our secure network.
Generally, I'd require up-to-date AV where appropriate (Win*) and some sort of local firewall with an approved policy on the laptop itself. Encryption of sensitive information is probably a good thing too, depending on your local laws.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards