Information Technology Reference
In-Depth Information
/etc/rc5.d:
total 4.0K
-rw-r--r-- 1 root root 677 Jul 26 2012 README
lrwxrwxrwx 1 root root 15 Nov 28 2012 S15bind9 -> ../init.d/bind9
lrwxrwxrwx 1 root root 20 Nov 28 2012 S20apt-cacher -> ../init.d/apt-cacher
lrwxrwxrwx 1 root root 17 Nov 26 2013 S20foreman -> ../init.d/foreman
..
/etc/rc6.d:
total 4.0K
lrwxrwxrwx 1 root root 17 Mar 7 2013 K08tomcat7 -> ../init.d/tomcat7
lrwxrwxrwx 1 root root 17 Nov 28 2012 K09apache2 -> ../init.d/apache2
..
Secure User Credentials
User credentials are a combination of two or more pieces of information, some or all of
which are stored in encrypted state. User credentials usually involve username, password,
and/or security questions. Credentials are used to access target systems such as hosts, appli-
cation servers, databases, and logs to view or run tasks and management activities.
To apply and maintain secure user credentials, companies and organizations implement
a strong password policy. A password policy can be defined as a set of rules dictating pass-
word requirements and how passwords must be set. These rules are designed to encourage
users to employ strong passwords and use them properly (
http://en.wikipedia.org/wiki/
Password_policy
). A password policy is usually a part of official regulations or even part
of the employee contract.
There are two main types of password policies:
Advisory Policy
An advisory policy is not implemented by technical means and is only
meant to be a guideline.
Mandated Policy
A mandated policy is technically implemented and can have different
requirements before a password can be set and accepted. Some of these requirements are
using upper- and lowercase letters, numerical digits, and special characters and discourag-
ing the use of dictionary words.
The number of requirements for a password policy defines its complexity. The level of
complexity of a password policy determines its level of popularity and success. A down-
side to a complex password policy is that it can be much harder to enforce and maintain.
An organization must find the right balance between security and complexity to enable
adaptation.
Search WWH ::
Custom Search