Educause Security Discussion mailing list archives
Re: Account Lockout Policies
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Tue, 11 Jul 2006 15:56:01 -0400
On Tue, 11 Jul 2006 15:45:23 EDT, "Cheek, Leigh" said:
If the lockout duration is set to the Administrator Unlocks (0), then you set yourself up for a denial of service attack. As an information system auditor, I use the Center for Internet Security or NIST as my guides for best practices.
As one of the un-indicted co-conspirators :) of the CIS stuff (I didn't do the Windows one, but was involved in the Solaris, RH Linux, and AIX ones), I'm always glad to see the CIS guides serving a useful role in the BCP arena. Thanks for the vote of confidence...
Current thread:
- Account Lockout Policies Saburo Usami (Jul 11)
- <Possible follow-ups>
- Re: Account Lockout Policies Eric Brewer (Jul 11)
- Re: Account Lockout Policies Graham Toal (Jul 11)
- Re: Account Lockout Policies Cheek, Leigh (Jul 11)
- Re: Account Lockout Policies Valdis Kletnieks (Jul 11)
- Re: Account Lockout Policies Cheek, Leigh (Jul 11)
- Re: Account Lockout Policies Randy Marchany (Jul 11)
- Re: Account Lockout Policies Gary Flynn (Jul 11)
- Re: Account Lockout Policies Gary Dobbins (Jul 11)
- Re: Account Lockout Policies Valdis Kletnieks (Jul 11)
- Re: Account Lockout Policies Russell Fulton (Jul 12)
- Re: Account Lockout Policies jack suess (Jul 12)
- Re: Account Lockout Policies Gary Flynn (Jul 13)
- Re: Account Lockout Policies Jonny Sweeny (Jul 14)
- Re: Account Lockout Policies Graham Toal (Jul 14)