
Re: security standards

On Mar 14, 2005, at 10:32 PM, gelle@xxxxxxxxx wrote:
> Since we don't audit desktop security (screensaver locking, etc.) I wonder
> about the risk of this, since they could be open over weekends, holidays,
> etc. This seems like a big vulnerability to me.

I wholeheartedly agree. I'd suggest cutting off anyone's session that's been idle for longer than an hour or two. I'd suggest using something like these parameters in /etc/openssh/sshd_config (or whatever the equivalent is for Solaris):

# every 5 minutes
ClientAliveInterval 300
# 5 min. x 18 tries == 90 minutes
ClientAliveCountMax 18

These are totally arbitrary values. But seriously, how difficult is it to enter your username and password to login again?

- Willie

Willie Northway                  University of Michigan Webmaster Team
http://willienorthway.com/       http://www.umich.edu/~umweb/
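
An added example, not part of the original message: a small checker that reads sshd_config text and reports the disconnect window the two settings above produce, which per sshd_config(5) is the time after which sshd drops a client that has stopped answering its probes. The function names and the sample input are constructed for illustration, and only the global section (before any Match block) is examined.

```python
import re

# Defaults from sshd_config(5): probing off, three unanswered probes allowed.
DEFAULTS = {"clientaliveinterval": 0, "clientalivecountmax": 3}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# Constructed sample input using the values suggested in the message above.
SAMPLE = """\
# every 5 minutes
ClientAliveInterval 300
# 5 min. x 18 tries == 90 minutes
ClientAliveCountMax 18
ClientAliveInterval 60
"""

def to_seconds(value):
    """Convert an sshd time value (300, 5m, 1h30m) to seconds."""
    if not re.fullmatch(r"(\d+[smhdw]?)+", value.lower()):
        raise ValueError(f"bad time value: {value!r}")
    pairs = re.findall(r"(\d+)([smhdw]?)", value.lower())
    return sum(int(n) * UNITS[u] for n, u in pairs)

def client_alive_window(config_text):
    """Return (interval_s, count_max, window_s, warnings) for the global section."""
    seen, warnings = {}, []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        fields = raw.strip().replace("=", " ", 1).split()
        if not fields or fields[0].startswith("#"):
            continue
        key = fields[0].lower()
        if key == "match":
            break  # Match blocks are conditional; only global settings are checked
        if key not in DEFAULTS or key in seen:
            continue  # sshd keeps the first value it reads for a keyword
        if len(fields) != 2:
            warnings.append(f"line {lineno}: expected exactly one value for {fields[0]}")
            if len(fields) < 2:
                continue
        seen[key] = to_seconds(fields[1]) if key == "clientaliveinterval" else int(fields[1])
    interval = seen.get("clientaliveinterval", DEFAULTS["clientaliveinterval"])
    count_max = seen.get("clientalivecountmax", DEFAULTS["clientalivecountmax"])
    if interval == 0:
        warnings.append("ClientAliveInterval is 0: no probes are sent")
    if count_max == 0:
        warnings.append("ClientAliveCountMax is 0: behaviour differs between OpenSSH versions")
    window = interval * count_max if interval and count_max else None
    return interval, count_max, window, warnings

if __name__ == "__main__":
    print(client_alive_window(SAMPLE))
```

A connected client answers these probes without any user input, so the window bounds how long a dead connection lingers; limiting an idle interactive shell needs a separate control such as the shell's TMOUT variable.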