[unisog] Windows 2K and XP security settings?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Fri Jun 14 20:02:01 GMT 2002


On Fri, 14 Jun 2002 10:40:48 EDT, Gary Flynn said:

> 1) Enable account lockout on bad login attempts

Just keep in mind that this *does* have a DoS component to it - somebody
can lock you out of your own machine by intentionally blowing the password
several times in a row.  Remember to implement timeouts and/or a way to
get in to reset the state  - this is *especially* true for 'Administrator'.

(And yes, I've managed to lock myself out of my own system via similar means -
"account locked after 3 tries", "no root login via SSH", and a shift-lock key
conspired to make me drive in to work to unlock my userid at the console. ;)

Good idea - but remember to think it through. ;)

-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20020614/26945d83/attachment-0007.bin


More information about the unisog mailing list