Beruflich Dokumente
Kultur Dokumente
CHAPTER 4
Password policy
Using your last name or the name of your pets as
your password and never changing it poses a
security risk.
To be strong, it is best if your password contains
characters from three of the following four
categories :
Account policy
Do not disclose a computers identity until login
is completed successfully.
Set up the operating system so that the system
login screen does not identify the computer
system by name or function until after login is
complete.
Unauthorized personnel do not need to know the
identity of machines unless they need to use
them.
Audit policy
An audit log records an entry whenever users
perform certain specified actions.
For example, the modification of a file can trigger
an audit entry that shows the action that was
performed, the associated user account, and the
date and time of the action.
Success audit or failure audit
User rights
Allow users to perform tasks on a computer. User rights
include log on rights and privileges.
Logon rights control who is authorized to log on to a
computer and how they can log on.
Privileges control access to computer and domain resources
An example of a logon right is the ability to log on to a
computer locally.
An example of a privilege is the ability to edit a document.
Both types of user rights are assigned by administrators to
individual users or groups as part of the security settings
for the computer
PATCH
HOTFIX
http://www.microsoft.com/technet/security/b
ulletin
/MS00-063.asp
http://www.microsoft.com/technet/security/b
ulletin
/MS01-044.asp
Unicode .asp
Source Code
Disclosure
http://www.securityfocus.com/vdb/
CHAPTER
4
CHAPTER
4