
Account Lockout Policy Design Guidelines

When designing the account lockout policy, follow these guidelines:

Set account lockout duration to a few minutes. This does prevent casual attacks, and if auditing is set and properly reviewed, it can warn that an attack is underway. It also avoids the load on administrator time and the lost user productivity if users who are locked out of their accounts must wait for them to be reset by someone else. Consider whether you have enough staff to attend to manually resetting accounts.

Set account lockout threshold high. If users make a few mistakes, they will not be locked out. A good number is 25 because it's probably way beyond any number of attempts a valid user will make before asking for his password to be reset. However, it will stop an intruder, who will need many more attempts than that.
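
The effect of these two settings can be checked by replaying logon events through a simplified lockout model. This is an added example, not part of the original text; the 5-minute duration and counter-reset window, the account names and the event data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Threshold 25 is the text's figure; 5 minutes is an assumed value for
# "a few minutes" (lockout duration and counter-reset window).
THRESHOLD = 25
DURATION = timedelta(minutes=5)
RESET_AFTER = timedelta(minutes=5)

def replay(events, threshold=THRESHOLD, duration=DURATION, reset_after=RESET_AFTER):
    """Replay (time, account, success) logon events through a simplified
    lockout model. Returns (lockouts, evaluated): lockout start times per
    account, and how many password checks each account actually received."""
    count, last_fail, locked_until = {}, {}, {}
    lockouts, evaluated = {}, {}
    for ts, account, success in sorted(events):
        if account in locked_until and ts < locked_until[account]:
            continue                      # locked: rejected without a check
        evaluated[account] = evaluated.get(account, 0) + 1
        if success:
            count[account] = 0            # good logon clears the counter
            continue
        if account in last_fail and ts - last_fail[account] > reset_after:
            count[account] = 0            # quiet period clears the counter
        count[account] = count.get(account, 0) + 1
        last_fail[account] = ts
        if count[account] >= threshold:
            locked_until[account] = ts + duration
            lockouts.setdefault(account, []).append(ts)  # audit-review signal
            count[account] = 0
    return lockouts, evaluated

def sample_events(start=datetime(2004, 1, 5, 9, 0, 0)):
    """Constructed data: a user who mistypes three times, and an account
    receiving one failed logon per second for eleven minutes."""
    events = [(start + timedelta(seconds=10 * i), "designer01", False) for i in range(3)]
    events.append((start + timedelta(seconds=40), "designer01", True))
    events += [(start + timedelta(seconds=i), "support07", False) for i in range(660)]
    return events

if __name__ == "__main__":
    lockouts, evaluated = replay(sample_events())
    for account, times in lockouts.items():
        print(account, "locked out at", [t.time().isoformat() for t in times],
              "- password checks:", evaluated[account])
```

The user who mistypes three times is never locked out, while the account under sustained guessing produces two lockout events for the audit reviewer and has only 62 of its 660 attempts evaluated.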

Alternatives to Password-Based Authentication

Because password-based authentication is subject to many human weaknesses, you must be aware of and ready to recommend alternatives to password authentication. Many alternatives exist that provide the opportunity to require two factors: something the user must possess and something the user must know. Alternatives consist of:

Smart cards: Smart card support is built into Windows Server 2003. It replaces the use of passwords with a plastic card and a personal identification number (PIN) and requires the implementation of certificate services. Smart card usage can be configured to require logoff when removed, thus preventing it from being shared, and, if users need the card elsewhere, this ensures logoff when they leave their computers. Smart cards can be used in remote scenarios as well. Smart cards can also provide the solution for when specific groups require stronger authentication: smart cards can be used by administrators, while ordinary users continue to use passwords.

Biometrics: Biometric authentication systems use some part of the human body to prove that the individual requesting access is who he or she claims to be. Facial or voice recognition, keyboard stroke analysis, fingerprints, retinal scans, hand geometry, and more are being successfully used.

Tokens: RSA tokens, which provide a changing number synchronized with a server, provide a solid alternative to passwords. Other token systems store certificates on small universal serial bus (USB) connectable devices.

Alternatives to passwords can be used to strengthen authentication practices, but their cost must be weighed against their benefits.

Practice: Designing a Strong Password and Account Policy

In this practice, you will design a strong password and account policy. Read the following scenario and then answer the question that follows. If you are unable to answer the question, review the lesson materials and try the question again. You can find the answer to the question in the "Questions and Answers" section at the end of this chapter.

Scenario

You are a security designer for Wingtip Toys. The company plans to implement a separate Windows Server 2003 domain for use by the research department. The only individuals who will have access to resources in the domain are:

25 toy designers

35 research department support staff employees


members of the Enterprise Admins group

All computers in the research domain are either Windows Server 2003 or MCITP Enterprise Administrator. It is crucial that the information in the research domain be kept confidential.

by: yvonne