As promised I am trying to cover the topics I posted in my first post, now we are proceeding towards the User Security. We should consider the following while drafting the User Security policy.
“IS” CONSIDERED THE FOLLOWING:
1. Networked systems shall update regularly with the latest vendor patches for all software executed on Workstations and Servers.
2. Users shall select passwords that cannot be found in a dictionary and that are of sufficient length that the probability of determining the password over a network shall take at least 160 hours. Currently, this is at least 8 characters but shall be automatically increased as technology allows.
3. All users passwords attached to a network wherein a compromise has occurred or is suspect shall be changed immediately.
4. Enable client operating system user profiles so that specific users and groups have their own security settings that reflect their level of trust in the network.
5. Force password changes often. Passwords should be valid for no longer than 30 days.
6. Train users to prevent mishaps, by doing things such as turning off a workstation that holds shared data when it is not required.
7. Execute a virus scanner automatically whenever a user logs onto the computer.
8. Use workstation user accounts and system policies to prevent individual users from controlling the security of their workstations.
9. Disable password caching so passwords do not accumulate on client computers.
10. Client computers shall be restricted such that their network settings may not be modified by nonadministrative personnel. Implement the following specific policies:
* Disable the network control panel for all users except administrator and trusted knowledgeable users.
* Disable the registry editing tools for all users except system administrators.
* Enable the shell restrictions for accounts that serve a particular purpose, such as public e-mail accounts, public word-processing accounts, process control, etc.
* Hide the general and details pages for printers in the network, disable deletion of printers,and disable the addition of printers.
* Hide the remote administration page and the user profiles page for all users except administrators.
11. Disable booting the A: drive in the BIOS and apply a password to the BIOS to keep the user from using a DOS boot floppy.
12. Hide the display settings page from everyone except administrators.
13. Limit the rights of default Administrators group, and create a separate group with full access.
14. Provide periodic security training for new and established employees alike. A periodic refresher keeps users aware of security problems.
15. Require alphanumeric passwords so that a hacker cannot quickly determine the password to a user account simply by performing a “dictionary scan.”
16. Modify the client operating system to boot directly to the allowed application or a menu restricted to allowed applications.
17. All users of workstation and pc’s are to ensure that their screens are blank when not to be used
18. Approving Login procedures must be strictly observed a users leaving their screen unattended must firstly lock access to their workstation because may be unauthorized systems may be gained via a valid user is and password.
19. Managing user access must be authorized by the owner of the system and such access,including the appropriate access rights or privileges must be recorded in an access control list. Such records are to be regarded as high confidential documents.
Personel Web Site:www.yasirirfan.com