Introduction to Network Security

system.

Passwords should:
• Be 12 or more characters in length on Windows systems, 8 characters in length on UNIX
• Include upper and lower case letters, numbers, and special characters
• Not consist of dictionary words
• Be changed regularly (every 30 to 90 days)
• For UNIX, be encrypted and stored in the /etc/shadow file (for some UNIX systems) with permissions set to 400 with ownership by root and group sys. The /etc/passwd file should have permissions 644 with owner root and group root.
• Be cracked every month to find users choosing easily guessed or cracked passwords

For UNIX, lock the following accounts by placing a *LK* in the encrypted password field in /etc/shadow: adm, bin, daemon, listen, lp, nobody, noaccess, nuucp, smtp, sys, uucp. These accounts should not have login shells; rather, their shells should be set to /dev/null.
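An added example, not part of the original page: a shell audit of the UNIX items above, run against constructed copies of passwd and shadow. The function names and sample data are assumptions; it checks file modes and the listed accounts, not ownership.

```shell
#!/bin/sh
# Added example (not from the original page): audit passwd/shadow copies
# against the checklist above. Function names and sample data are constructed.
SYSTEM_ACCOUNTS="adm bin daemon listen lp nobody noaccess nuucp smtp sys uucp"

# Report listed accounts not locked with *LK* or with a shell other than /dev/null.
audit_system_accounts() {   # usage: audit_system_accounts PASSWD SHADOW
    awk -F: -v accounts="$SYSTEM_ACCOUNTS" '
        BEGIN { n = split(accounts, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        # shadow is read first: field 2 is the encrypted password
        FILENAME == ARGV[1] {
            if (($1 in want) && index($2, "*LK*") != 1) print $1 ": not locked"
            next
        }
        # passwd is read second: field 7 is the login shell
        ($1 in want) && $7 != "/dev/null" { print $1 ": login shell " $7 }
    ' "$2" "$1"
}

# Compare permission bits as printed by ls -l: -r-------- is 400, -rw-r--r-- is 644.
check_mode() {              # usage: check_mode FILE EXPECTED_STRING
    have=$(ls -ld "$1" | cut -c1-10)
    [ "$have" = "$2" ] || echo "$1: mode $have, expected $2"
}

# Write constructed sample files (not real account data) into directory $1.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
adm:x:4:4:Admin:/var/adm:/dev/null
lp:x:71:8:Line Printer Admin:/usr/spool/lp:/bin/sh
uucp:x:5:5:uucp Admin:/usr/lib/uucp:/dev/null
EOF
    cat > "$1/shadow" <<'EOF'
root:CONSTRUCTED-HASH:6445::::::
adm:*LK*:6445::::::
lp:*LK*:6445::::::
uucp:NP:6445::::::
EOF
    chmod 644 "$1/passwd" "$1/shadow"   # shadow is deliberately too open here
}

run_audit() {
    check_mode "$1" "-rw-r--r--"
    check_mode "$2" "-r--------"
    audit_system_accounts "$1" "$2"
}

tmp=$(mktemp -d) && make_sample "$tmp" && run_audit "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

On a live system, call run_audit with /etc/passwd and /etc/shadow as root; each output line is one finding to fix.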

Do Not Run Code From Non-Trusted Sources

For the most part, software applications run in the security context of the person executing them, without any consideration of their source. A PKI infrastructure may help, but when not available remember that spoofing the “From” line of an e-mail message and disguising URLs