An Introduction To
Objective: To prevent unauthorised access to operating systems.
Access to the operating system should be controlled.
Secure log-on procedures
Access to operating systems should be controlled via a secure log-on process.
User identification and authentication
All users should have an unique identifier for their personal use so that all activities can be traceable to responsible individuals. A suitable authentication technology (or technologies) should be in place to substantiate the claimed identity.
Password management system
An effective password system should be used to authenticate users.
Use of system utilities
The use of system utilities must be restricted and tightly controlled.
Sessions should be set to time out to prevent access by unauthorised persons.
Limitation of connection time
Restrictions of connection times should provide additional security for high-risk applications.
The Security Practitioner
An Introduction to Information Security