Hazard | What we at Duke can do about it
Shared passwords | Educate our community that sharing is inappropriate and potentially dangerous. One person per account. As an alternative to shared accounts for e-mail, encourage the use of mail distribution lists and/or departmental (shared) mailboxes. Use RACF or AFS ACLs to allow multiple users access to files. Use "groupware" (such as Lotus Notes or calendar software) for other collaboration or workflow.
Sniffers | Use hardware encryption. Use software encryption. Install switched port hubs. Distribute secure tools (ssh, etc.) and encourage their use.
Password carelessness | Educate our community. Publicize good techniques (@=A, $=S, etc.) and avoidance of common/guessable passwords. Institute password rules (force change at initial logon, force change every N days, disallow password reuse).
Unattended workstations | Educate our community. Use logoff timeouts and locking screen savers.
Insecure workstations | Educate our community. Use Kerberos authentication on public PCs and Macs.
Too many IDs/passwords | Educate our community. Encourage routine system-wide password changes. Implement a single sign-on system.
Impersonation and forgery | Educate our community. Require authentication at the workstation. Accept SMTP connections only from authenticated stations.
Passwords stored in files | Educate our community about proper configuration of applications (e.g., Eudora) and login scripts.
Laptop computers (theft and improper use) | Educate our community.
The World Wide Web | Use secure servers and SSL.
File insecurity | Educate our community. Use RACF and the extended file protection features of AFS. Keep definitions/ACLs as simple as possible. Use suitable backup strategies.
Viruses and hoaxes | Educate our community. Use anti-virus software.