Educause Security Discussion mailing list archives

Re: Account Lockout Policies


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Tue, 11 Jul 2006 15:56:01 -0400

On Tue, 11 Jul 2006 15:45:23 EDT, "Cheek, Leigh" said:

> If the lockout duration is set to the Administrator Unlocks (0), then
> you set yourself up for a denial of service attack. As an information
> system auditor, I use the Center for Internet Security or NIST as my
> guides for best practices.

As one of the un-indicted co-conspirators :) of the CIS stuff (I didn't
do the Windows one, but was involved in the Solaris, RH Linux, and AIX
ones), I'm always glad to see the CIS guides serving a useful role in
the BCP arena.. Thanks for the vote of confidence...
