Tip

Implementing network password security

Implementing network password security
Adesh Rampat

Setting up a logon password for a user to access network resources is a security feature that most organizations have implemented as a standard security practice.

When implementing a network logon password for a user, the network administrator needs to consider the following:

  • Prohibit the sharing of Logon passwords amongst employees.

  • Do not use the default logon dialog box that comes with WINNT. If someone needs your password, a dialog box similar to WINNT logon can easily be created and can be used to collect passwords.

  • Set password length for each user between six to eight characters.

  • Avoid creating a logon dialog box that has "Welcome to ABC Company." This can be a "welcome" sign for someone who wants to access the network.

  • As a precaution, hide sensitive folders or servers from the network. Unauthorized users browsing the network would not see it and try hacking into it.

  • Apply user account lockout after 3 logon attempts.

  • All passwords must have a thirty-day lifespan, after which the user will be prompted to change the password.

  • Whenever a user forgets his/her password, Help Desk personnel must change it to a default password. Have the user logout from the network and logon again with the default password, which will prompt the user to change it when the default password

    Requires Free Membership to View

  • is entered.

  • ALL temporary user accounts must have an expiration date.

  • ALL users must logoff from the network at the end of the work day or when they leave their desks.

  • If there are remote users who need access to the network have a separate password for dial-in and for access to the network. The lifespan for these passwords should be shorter than the thirty days for users of the network.

  • Implement an audit trail for all user accounts so that you can track who is accessing the network.


Adesh Rampat has 10 years experience with network and IT administration. He is a member of the Association Of Internet Professionals, the Institute For Network Professionals, and the International Webmasters Association. He has also lectured extensively on a variety of topics.

Did you like this tip? Whether you loved it or hated it, why not let us know? Email us to sound off, or go to our tips page to rank this and other tips, or to submit one of your own.

Related Book

MCSE Training Kit: Designing Microsoft® Windows® 2000 Network Security
Author : Microsoft Corporation
Publisher : Microsoft Press
ISBN/CODE : 0735611343
Cover Type : Hard Cover
Pages : 864
Published : Jan 2001
Summary :
Make the right design decisions to protect your business network--and prepare for the Microsoft® Certified Professional (MCP) exam--with this official Microsoft study guide. Work at your own pace through a system of case-study scenarios and tutorials to gain practical experience planning the security infrastructure for a Windows® 2000 network. As you build these real-world design skills, you're also preparing for MCP Exam 70-220--a core credit* on the Windows 2000 MCSE track.


This was first published in March 2001

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.