Re: security standards
I've been trying to get people to take the simple precaution of closing
idle sessions for years and, apart from having one employee compare me
unflatteringly to his toddler son, I've basically had no response.
Never mind that an idle session (on a locked terminal) is how
monkey.org got hacked remotely a few years ago.
On Mar 14, 2005, at 11:51 PM, Willie Northway wrote:
On Mar 14, 2005, at 10:32 PM, gelle@xxxxxxxxx wrote:
Since we don't audit desktop security (screensaver locking, etc) I
about this risk of this, since they could be open over weekends,
etc. This seems like a big vulnerability to me.
I wholeheartedly agree. I'd suggest cutting off anyone's session
that's been idle for longer than an hour or two. I'd suggest using
something like these parameters in /etc/openssh/sshd_config (or
whatever the equivalent is for Solaris):
    # every 5 minutes
    ClientAliveInterval 300
    # 5 min. x 18 tries == 90 minutes
    ClientAliveCountMax 18
These are totally arbitrary values. But seriously, how difficult is it
to enter your username and password to login again?
Willie Northway University of Michigan Webmaster Team
... being a rock I am without movement ...
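
An added example, not part of the original messages: a small Python check that reads the global section of an sshd_config and computes the ClientAliveInterval x ClientAliveCountMax window for the settings suggested above. The function names, the two-hour policy limit and the sample configs are assumptions made for illustration, and values are assumed to be plain integers.

```python
# Added example: audit the global section of an sshd_config for the
# ClientAlive settings discussed in the thread. Names are hypothetical.

DEFAULTS = {"clientaliveinterval": 0, "clientalivecountmax": 3}  # OpenSSH defaults


def client_alive_settings(config_text):
    """Return effective global ClientAlive* values (first occurrence wins)."""
    found = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not line:
            continue
        parts = line.replace("=", " ", 1).split()  # "Keyword=value" is also legal
        key = parts[0].lower()                # keywords are case-insensitive
        if key == "match":                    # Match blocks are conditional: stop
            break
        if key in DEFAULTS and key not in found and len(parts) > 1:
            found[key] = int(parts[1])        # assumes plain integer seconds/count
    return {**DEFAULTS, **found}


def audit(config_text, max_seconds=2 * 3600):
    """Return (window_seconds, verdict); max_seconds is an assumed policy limit."""
    s = client_alive_settings(config_text)
    window = s["clientaliveinterval"] * s["clientalivecountmax"]
    if window == 0:
        return 0, "disabled: no keepalive timeout in effect"
    if window > max_seconds:
        return window, "too long: window exceeds policy limit"
    return window, "ok"


# Constructed sample inputs (not taken from any real host).
SAMPLE_THREAD = "ClientAliveInterval 300\nClientAliveCountMax 18\n"
SAMPLE_DEFAULT = "Port 22\nPermitRootLogin no\n"
SAMPLE_SHADOWED = """\
clientaliveinterval=600
ClientAliveCountMax 24
ClientAliveInterval 60
Match User backup
    ClientAliveInterval 0
"""

if __name__ == "__main__":
    for name, text in [("thread", SAMPLE_THREAD), ("default", SAMPLE_DEFAULT),
                       ("shadowed", SAMPLE_SHADOWED)]:
        print(name, audit(text))
```

Per sshd_config(5), these keepalive messages are answered by the client software, so the computed window is how long sshd tolerates a client that has stopped responding.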