IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
- Intruder attempt reset interval
When this option is active, incorrect attempts at logging into a user account
can be traced back through a specified time period. If the number of
incorrect attempts at logging into a user account within the defined period
exceeds the value set under "Incorrect login attempts", the user account is
disabled (provided that the option titled "Lock account after detection" is
active).
- Lock account after detection
This menu item should always remain active, in order to disable user
accounts for which the maximum permissible number of incorrect login
attempts has been exceeded.
- Intruder lockout reset interval
The time interval specified here should always be sufficiently long (> 1
hour), in order to ensure that the reasons for any intruder lockout (i.e.
disabling of a user account) can be ascertained by the system administrator
and the affected user.
Additional controls:
- Have users been informed on how to handle passwords correctly?
- Is the password quality controlled?
- Are password changes mandatory?
- Has every user been provided with a password?
- Has a user template been generated? Have security aspects been taken into
account here?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000