| 
The following are general "common sense" guidelines
for protecting the passwords on a Novell
NetWare system.
Long Passwords
Passwords should be a minimum of 8 characters and include non-alpha
characters (characters other than the letters A-Z). A long password is more difficult to
guess or crack. In general terms, a short password can be cracked almost
instantaneously, while a longer password could take several thousand
years.
Change Passwords Frequently
Users should never be allowed to keep the same password for an extended period
of time. In the event that a malicious user or intruder does find someone's
password, it will become worthless if the users are changing their passwords
regularly.
Force Unique Passwords
Some users have figured out that they can rotate back and forth between
two different passwords each time they are required to make a change.
This is almost as bad as not changing the passwords at all.
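The length, non-alpha, and uniqueness guidelines above can be checked together, as in the following added example (not part of the original page and not NetWare's own mechanism). The class name, the history depths, and the sample passwords are assumptions made for illustration. It shows why remembering only the current password still allows the two-password rotation, while a deeper history blocks it.

```python
import hashlib
import hmac
import os
from collections import deque


class PasswordPolicy:
    """Length, non-alpha and history checks for one account (hypothetical helper)."""

    def __init__(self, min_length=8, history_depth=8):
        self.min_length = min_length
        # Salted PBKDF2 digests of the most recent passwords, never plaintext.
        self.history = deque(maxlen=history_depth)

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def violations(self, candidate):
        """Return the list of guideline violations for a proposed password."""
        problems = []
        if len(candidate) < self.min_length:
            problems.append("too short")
        if candidate.isalpha():
            problems.append("no non-alpha character")
        for salt, digest in self.history:
            if hmac.compare_digest(self._digest(candidate, salt), digest):
                problems.append("reused")
                break
        return problems

    def change(self, candidate):
        """Accept and record the password, or return False if it violates policy."""
        if self.violations(candidate):
            return False
        salt = os.urandom(16)
        self.history.append((salt, self._digest(candidate, salt)))
        return True


def rotation_accepted(history_depth, passwords):
    """Replay a sequence of password changes; report which ones were accepted."""
    policy = PasswordPolicy(history_depth=history_depth)
    return [policy.change(p) for p in passwords]


# Constructed sample: a user alternating between two otherwise valid passwords.
ALTERNATING = ["Autumn-Leaf7", "Winter-Snow8", "Autumn-Leaf7", "Winter-Snow8"]
```

With a history depth of 1 every change in `ALTERNATING` is accepted; with a depth of 8 the third and fourth changes are rejected as reuse.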
Passwords and Sticky Notes
Under no circumstances whatsoever should an employee write their
user ID and password on a sticky note and tack it to the monitor. Don't
make it so easy for a bystander, the janitor, or a malicious coworker
to gain unauthorized access. All employees should be instructed to keep
their user IDs and passwords private.
Administrator Passwords
Password guidelines for administrators should be even stricter than those for regular
users: longer, more complex, and changed regularly. Furthermore, use a
variety of passwords for different things. For example, if you have an "Admin" account,
make the password different from the remote console password and SNMP community
strings.
You can find out how to enforce
these restrictions here. |