[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

security standards



During the investigation into the imap frontend transcript, I noticed
that some people are in the habit of leaving csh sessions to sixthday
open on their desktops.  I am guessing that much of the time they are
su'd to root or radmind, since that is about the only useful way to be
on the machine. The record seems to be 90 days.

Since we don't audit desktop security (screensaver locking, etc) I wonder
about this risk of this, since they could be open over weekends, holidays,
etc. This seems like a big vulnerability to me.


Am I being too anal?
gabi