| phn@icke-reklam.ipsec.nu 2004-12-06, 2:47 am |
| Carol <googlemail2003@yahoo.com> wrote:
> Denial of service is not a problem. Our machine is on an internal
> network only.
Exactly how would that protect against attacks ? Emplyoees are known
to be hostile sometimes ..
> It does log failed login attempts.
> What we are trying to do is standard in all large companies for their
> employees. It's also standard for health sites and bank sites. Too
> many incorrect login attempts disables the account.
There is no such "standard".
> I know there are ways to do this manually which would require writing
> our own login script. What I'm after is a system function that does
> it. I believe it's there I just don't know where to look.
> This request is becoming a company standard. It's a huge health
> insurance company with about 60,000 employees. They want to
Whats huge with that ?
> standardize procedures in all offices (good luck!). Anyway, someone
> will be coming to scrutinize our security methods and this has to be
> one of them. Believe me I wouldn't be doing this if I didn't have to.
You should not be doing things 'cause' some teenager "security officer" says so.
You should be doing things that is "Good for your Health" and in
agreement with "recogniced best practices".
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
|