Tuesday, November 25, 2008

Always Follow Password Policy for Secure Password...!!!


a. Change temporary passwords at the first log-on.


b. Select quality passwords with a minimum of 8 characters which are:

  • Easy to remember
  • Not based on anything somebody else could easily guess or obtain using person-related information, e.g. names, telephone numbers, dates of birth, etc.
  • Free of consecutive identical characters or all-numeric or all-alphabetical groups.
  • Passwords used in 3 or 5 previous cases should not be used again.
  • Avoid keeping a paper record of passwords, and users should not divulge passwords to other users. Authorized users are responsible for the security of their passwords.
  • Change passwords at regular intervals (the maximum password age is 42 days), and also whenever there is any indication of possible system or password compromise.
  • Do not include passwords in any automated log-on process, e.g. stored in a macro or function key.
  • If it is required to maintain multiple passwords for accessing multiple services or platforms, it is advisable to use a single quality password for all services that provide a reasonable level of protection for stored passwords.
  • User accounts will be locked after 5 unsuccessful retries.
  • To enhance security, password complexity has been enabled.
  • A password will not be accepted if it contains all or part of the username.
  • A password will be accepted only if it contains 3 of the following 4 character groups:
    - A to Z
    - a to z
    - 0 to 9
    - Special characters, i.e. ! ^ $ *
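The composition rules in this list can be checked mechanically. The following Python checker is an added example, not part of the original post; it covers the length, repetition, character-group, username and history rules. It assumes a history depth of 5, that a "part" of the username is any run of 3 of its characters, and that any ASCII punctuation counts as a special character.

```python
import hashlib, hmac, os, re, string

MIN_LENGTH = 8         # from the policy
REQUIRED_GROUPS = 3    # 3 of the 4 character groups
HISTORY_DEPTH = 5      # policy says "3 or 5"; 5 is assumed here
MIN_NAME_FRAGMENT = 3  # assumption: shortest username run that counts as "part of"
GROUPS = (string.ascii_uppercase, string.ascii_lowercase,
          string.digits, string.punctuation)  # punctuation set is an assumption

def _hash(password, salt):
    # History is kept as salted PBKDF2 digests, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_history_entry(password):
    salt = os.urandom(16)
    return salt, _hash(password, salt)

def char_groups(password):
    return sum(any(c in group for c in password) for group in GROUPS)

def contains_username_part(password, username):
    p, u, n = password.lower(), username.lower(), MIN_NAME_FRAGMENT
    return any(u[i:i + n] in p for i in range(len(u) - n + 1))

def check_password(password, username, history=()):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if re.search(r"(.)\1", password):
        problems.append("consecutive identical characters")
    if char_groups(password) < REQUIRED_GROUPS:
        problems.append("fewer than 3 of 4 character groups")
    if contains_username_part(password, username):
        problems.append("contains all or part of the username")
    recent = list(history)[-HISTORY_DEPTH:]  # oldest entries fall out of scope
    if any(hmac.compare_digest(_hash(password, s), h) for s, h in recent):
        problems.append("matches a recent password")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for pw in ("Tr4vel!Map", "Smith2008!", "abcdefgh"):
        print(pw, "->", check_password(pw, "asmith") or "accepted")
```
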

c. To ensure security and avoid the spread of viruses, users accessing the Internet through a computer attached to the Company’s network must do so through an approved Internet firewall or other security device. Bypassing the Company’s computer network security by accessing the Internet directly by modem, CDMA, GPRS or other means is strictly prohibited unless the computer you are using is not connected to the Company’s network. If this is required for official reasons, then permission must be sought explicitly from the IT Department.

d. All hosts used by the employee that are connected to the organization’s Internet/Intranet/Extranet, whether owned by the employee or the organization, shall be continually executing approved virus-scanning software with a current virus pattern/signature. If antivirus software is missing from users' PCs and servers, IT should be informed immediately.

e. Port scanning or security scanning is strictly prohibited.

f. Executing any form of network monitoring which will intercept data not intended for the employee's host is prohibited, unless this activity is a part of the employee's normal job/duty.

g. Installation of any wireless equipment (Wi-Fi LAN, etc.) on the company premises or in its close proximity is not allowed without prior permission.

h. Users are prohibited from using modems for inbound access to the organization’s systems. For outbound dial-up, in certain cases where it is essentially required for official reasons, permission from IT should be taken.

i. Personal chatting on the Internet is disallowed. In special cases, where chatting with an external client is required, authorization is given by the project manager and is further approved by the Head – Software Development.

Monday, November 17, 2008

What is Hacking ?

Hacking is the unauthorized use of computer and network resources. (The term "hacker" originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications.) Hacking is a felony in the United States and most other countries. When it is done by request and under a contract between an ethical hacker and an organization, it's OK. The key difference is that the ethical hacker has authorization to probe the target.