Re: security standards
On 14 Mar 2005, at 23:51, Willie Northway wrote:
On Mar 14, 2005, at 10:32 PM, gelle@xxxxxxxxx wrote:
Since we don't audit desktop security (screensaver locking, etc.) I
about this risk of this, since they could be open over weekends,
etc. This seems like a big vulnerability to me.
I wholeheartedly agree. I'd suggest cutting off anyone's session
that's been idle for longer than an hour or two. I'd suggest using
something like these parameters in /etc/openssh/sshd_config (or
whatever the equivalent is for Solaris):
# every 5 minutes
ClientAliveInterval 300
# 5 min. x 18 tries == 90 minutes
ClientAliveCountMax 18
These are totally arbitrary values. But seriously, how difficult is
it to enter your username and password to login again?
This seems like a technical solution to a human problem. Is it too
much to ask people to log out of limited access machines when they are
not actively using their connections?
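
The two sshd_config settings quoted above, as an added example that is not part of the original thread: a small Python check that reads sshd_config text and returns how long sshd waits before disconnecting a client that has stopped answering its alive probes. The function names and the SAMPLE text are constructed for illustration; it assumes plain integer seconds and only looks at global (non-Match) settings.

```python
# Added example. SAMPLE is a constructed sshd_config fragment, not a real host's file.
SAMPLE = """\
# constructed sample
Protocol 2
ClientAliveInterval 300
ClientAliveCountMax 18
ClientAliveInterval 60
"""

# sshd's built-in defaults: an interval of 0 means no probes are sent at all.
DEFAULTS = {"clientaliveinterval": 0, "clientalivecountmax": 3}


def parse_alive_settings(text):
    """Return the effective global ClientAlive* values as a dict of ints."""
    found = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # everything after a Match line is conditional, not global
        if key not in DEFAULTS or key in found:
            continue  # unrelated keyword, or a repeat: the first value wins
        if len(parts) != 2 or not parts[1].isdigit():
            # Conservative choice: only whole lines starting with '#' count as
            # comments here, so trailing text on a setting is reported.
            raise ValueError(f"line {lineno}: expected '<keyword> <seconds>': {raw!r}")
        found[key] = int(parts[1])
    return {**DEFAULTS, **found}


def unresponsive_timeout(text):
    """Seconds until sshd drops a client that answers no probes, or None."""
    s = parse_alive_settings(text)
    if s["clientaliveinterval"] == 0:
        return None  # probing disabled, so no timeout is enforced this way
    return s["clientaliveinterval"] * s["clientalivecountmax"]


if __name__ == "__main__":
    print(unresponsive_timeout(SAMPLE))
```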