منتدى قسم تكنولوجيا المعلومات في مدرسة الدوحة الثانوية المستقلة للبنين
علمت أن رزقي لن يأخذه غيري فاطمأن قلبي

قم وذق طعم الصلاة في دجى الليل الطويل

قم وجاهد في الحياة ان مثوانا قليل

منتدى قسم تكنولوجيا المعلومات في مدرسة الدوحة الثانوية المستقلة للبنين

من أفضل مدارس قطر
 
الرئيسيةمكتبة الصوربحـثالتسجيلدخولاليومية
قال الامام احمد بن حنبل: إن لنا إخوان لانراهم إلا مره كل سنه , نحن اوثق بمودتهم ممن نراهم كل يوم .أسعد الله قلوبا طاهره إن وصلناها شكرت وإن قصرنا عذرت
من العظماء من يشعر المرء فى حضرته أنه صغير ولكن العظيم بحق هو من يشعر الجميع في حضرته بأنهم عظماء
كم في المقابر من يحسدونك على هذه الأيام والليالي التي تعيشها يتمنون لو تسبيحة أو استغفار ينفعهم عند ربهم أو سجدة تنير قبورهم أو صدقة تظلهم بين يدي الملك الجبار .. فقط تذكر .. ولا تضيع الفرصة التي بين يديك

شاطر | 
 

 Password Policy

استعرض الموضوع السابق استعرض الموضوع التالي اذهب الى الأسفل 
كاتب الموضوعرسالة
ghostpc



Posts : 85
أهمية العضو : 0
Join date : 18/11/2008

مُساهمةموضوع: Password Policy   الأحد نوفمبر 30, 2008 2:04 pm

Password Policy


This page provides some basic information that may be included in a password policy. When writing a password policy there are several issues to be considered. There are some experts that argue that password policies in many organizations are too stringent and actually decrease the organization's computer security.

When employees are required to change passwords often, meet minimim complexity requirements, and not repeat a password for a minimum amount of time, they may begin to break the rules and start writing passwords down simply because they cannot remember passwords that change so often. The reason for changing passwords is due to the fact that if an attacker gets a hashed or encrypted copy of a password, they can eventually break the password using a brute force attack. This takes a certain amount of computing power and as computers are more powerful, takes less time every year.

However the password policy is setup, it may be worth taking other precautions to protect accounts and passwords. One precaution is not to transmit them on the internet even in encrypted form. Another precaution is to be very careful about network security, to detect any unauthorized sniffing of the internal network, and stringent virus prevention including blocking dangerous email attachments.

Another controversial issue that some experts have discussed deals with the use of passwords versus pass phrases. Some experts contend that passwords are no longer secure and that pass phrases should be used rather than passwords.

Example Password Policy :

1.0 Overview :

All employees and personnel that have access to organizational computer systems must adhere to the password policies defined below in order to protect the security of the network, protect data integrity, and protect computer systems.

2.0 Purpose :

This policy is designed to protect the organizational resources on the network by requiring strong passwords along with protection of these passwords, and establishing a minimum time between changes to passwords.

3.0 Scope :

This policy applies to any and all personnel who have any form of computer account requiring a password on the organizational network including but not limited to a domain account and e-mail account.

4.0 Password Protection :

1. Never write passwords down.

2. Never send a password through email.

3. Never include a password in a non-encrypted stored document.

4. Never tell anyone your password.

5. Never reveal your password over the telephone.

6. Never hint at the format of your password.

7. Never reveal or hint at your password on a form on the internet.

8. Never use the "Remember Password" feature of application programs such as Internet Explorer, your email program, or any other program.

9. Never use your corporate or network password on an account over the internet which does not have a secure login where the web browser address starts with https:// rather than http://

10. Report any suspician of your password being broken to your IT computer security office.

11. If anyone asks for your password, refer them to your IT computer security office.

12. Don't use common acronyms as part of your password.

13. Don't use common words or reverse spelling of words in part of your password.

14. Don't use names of people or places as part of your password.

15. Don't use part of your login name in your password.

16. Don't use parts of numbers easily remembered such as phone numbers, social security numbers, or street addresses.

17. Be careful about letting someone see you type your password.

5.0 Password Requirements (subject to change) :

Those setting password requirements must remember that making the password rules too difficult may actually decrease security if users decide the rules are impossible or too difficult to meet. If passwords are changed too often, users may tend to write them down or make their password a variant of an old password which an attacker with the old password could guess. The following password requirements will be set by the IT security department:

1. Minimum Length - 8 characters recommended.

2. Maximum Length - 14 characters .

3. Minimum complexity - No dictionary words included. Passwords should use three of four of the following four types of characters:

1. Lowercase
2. Uppercase
3. Numbers
4. Special characters such as !@#$%^&*(){}[]

4. Passwords are case sensitive and the user name or login ID is not case sensitive.

5. Password history - Require a number of unique passwords before an old password may be reused. This number should be no less than 24.

6. Maximum password age - 60 days .

7. Minimum password age - 2 days .

8. Store passwords using reversible encryption - This should not be done without special authorization by the IT department since it would reduce the security of the user's password.

9. Account lockout threshold - 4 failed login attempts.

10. Reset account lockout after - The time it takes between bad login attempts before the count of bad login attempts is cleared. The recommended value as of the date of writing this article is 20 minutes. This means if there are three bad attempts in 20 minutes, the account would be locked.

11. Account lockout duration - Some experts recommend that the administrator reset the account lockout so they are aware of possible break in attempts on the network. However this will cause a great deal of additional help desk calls. Therefore depending on the situation, the account lockout should be between 30 minutes and 2 hours.

12. Password protected screen savers should be enabled and should protect the computer within 5 minutes of user inactivity. Computers should not be unattended with the user logged on and no password protected screen saver active. Users should be in the habit of not leaving their computers unlocked. they can press the CTRL-ALT-DEL keys and select "Lock Computer".

13. Rules that apply to passwords apply to passphrases which are used for public/private key authentication

6.0 Choosing Passwords :

Use password choosing tips as shown at http://www.comptechdoc.org/docs/ctdp/howtopass/ and be sure your passwords meet the minimum guidelines.

7.0 Enforcement :

Since password security is critical to the security of the organization and everyone, employees that do not adhere to this policy may be subject to disciplinary action up to and including dismissal.

8.0 Other Considerations :

Administrator passwords should be protected very carefully. Administrator accounts should have the minimum access to perform their function. Administrator accounts should not be shared.
الرجوع الى أعلى الصفحة اذهب الى الأسفل
معاينة صفحة البيانات الشخصي للعضو
A.Tamimi
Admin
avatar

Posts : 1593
أهمية العضو : 16
Join date : 13/11/2008
Age : 32
Location : Jordan

مُساهمةموضوع: رد: Password Policy   الجمعة ديسمبر 05, 2008 2:52 pm

الرجوع الى أعلى الصفحة اذهب الى الأسفل
معاينة صفحة البيانات الشخصي للعضو http://falcons.aforumfree.com
M.ALS3OD

avatar

Posts : 854
أهمية العضو : 0
Join date : 13/09/2009
Age : 24
Location : AMMAN

مُساهمةموضوع: رد: Password Policy   السبت سبتمبر 19, 2009 7:22 pm

يـــعـــطـــيـــك الـــعـــافـــيـــة

_________________
فــي تــوقــيــع بــس ......
الرجوع الى أعلى الصفحة اذهب الى الأسفل
معاينة صفحة البيانات الشخصي للعضو
 
Password Policy
استعرض الموضوع السابق استعرض الموضوع التالي الرجوع الى أعلى الصفحة 
صفحة 1 من اصل 1
 مواضيع مماثلة
-
» بين أيديكم 5180 كتاب
» System Lockdown Policy
» تحميل ESET Smart Security & Antivirus Business Editions 4.2.58.4 مع مفاتيح التسج
» طريقة تغير باسورد الايميل الخاص بك على الياهو الشرح بالصور
» Williams Obstetrics, 23rd Edition

صلاحيات هذا المنتدى:لاتستطيع الرد على المواضيع في هذا المنتدى
منتدى قسم تكنولوجيا المعلومات في مدرسة الدوحة الثانوية المستقلة للبنين :: ----§§§§ المنتديات التقنية والبرمجية §§§§---- :: قسم نظم التشغيل واللينكس-
انتقل الى: