Silicon Patch Work Journal

Journal For Week of August 23, 2004



Monday August 23, 2004

I have been thinking about how we have no defined plan to deal with situations like last week when several laptops were stolen. User accounts at the very least should have passwords changed ASAP and computer accounts disabled. So I have made a draft document outlining what to do with various user and computer accounts in the case of computer theft. Where an account can be disabled it should be disabled and where disabling an account is not an option the password is to be changed. The computer account in Active Directory is to be disabled as well. When the user affected gets a replacement computer, accounts are to be enabled and passwords changed. I also put a password guideline on the second page.

General Password Construction Guidelines
Passwords are used for various purposes at Gienow. Some of the more common
uses include: user level accounts, web accounts, email accounts, screen saver
protection, voicemail password, and local router logins. Since very few
systems have support for one-time tokens (i.e., dynamic passwords which
are only used once), everyone should be aware of how to select strong passwords. 

Poor, weak passwords have the following characteristics: 

· The password contains less than eight characters 
· The password is a word found in a dictionary (English or foreign) 
· The password is a common usage word such as: 
· Names of family, pets, friends, co-workers, fantasy characters, etc. 
· Computer terms and names, commands, sites, companies, hardware, software. 
· The words "Gienow", "sanjose", "sanfran" or any derivation. 
· Birthdays and other personal information such as addresses and phone numbers. 
· Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc. 
· Any of the above spelled backwards. 
· Any of the above preceded or followed by a digit (e.g., secret1, 1secret) 

Strong passwords have the following characteristics: 

· Contain both upper and lower case characters (e.g., a-z, A-Z) 
· Have digits and punctuation characters as well as letters e.g., 0-9, !@#$%^&*()_+|~-=\`{}[]:";'<>?,./)
· Are at least eight alphanumeric characters long.
· Are not a word in any language, slang, dialect, jargon, etc.
· Are not based on personal information, names of family, etc.
· Passwords should never be written down or stored on-line.

Try to create passwords that can be easily remembered. One way to do this is create a password based on a song title, affirmation, or other phrase. For example, the phrase might be: "This May Be One Way To Remember" and the password could be: "TmB1w2R!" or "Tmb1W>r~" or some other variation.

NOTE: Do not use either of these examples as passwords!

The above is from a template supplied by The SANS Institute.
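The weak and strong characteristics listed above can be checked mechanically. The following is an added example, not part of the journal or the SANS template; the function names are hypothetical and the wordlist is a small constructed sample standing in for a real dictionary.

```python
import string

# Constructed sample wordlist; a real check would load a full dictionary.
# The pattern strings are the ones the guideline itself lists.
WORDS = {"secret", "password", "dragon", "aaabbb", "qwerty", "zyxwvuts", "123321"}
COMPANY = ("gienow", "sanjose", "sanfran")      # terms named in the guideline
PUBLISHED = {"TmB1w2R!", "Tmb1W>r~"}            # the guideline's own examples

def base_forms(pw):
    """Return the password plus the derivations the guideline calls out."""
    low = pw.lower()
    # Generalizes "preceded or followed by a digit" to any run of digits.
    stripped = low.strip(string.digits)
    forms = {low, stripped}
    return forms | {f[::-1] for f in forms}     # add reversed spellings

def weaknesses(pw):
    """List every guideline rule the candidate password breaks."""
    found = []
    if pw in PUBLISHED:
        found.append("published example")
    if len(pw) < 8:
        found.append("shorter than eight characters")
    if base_forms(pw) & WORDS:
        found.append("dictionary word or pattern")
    if any(term in pw.lower() for term in COMPANY):
        found.append("contains a company term")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        found.append("lacks mixed case")
    if not any(c.isdigit() for c in pw):
        found.append("lacks a digit")
    if not any(c in string.punctuation for c in pw):
        found.append("lacks punctuation")
    return found

if __name__ == "__main__":
    # Constructed candidates covering reversal, company term, published example.
    for candidate in ("1terceS", "Gienow2004!", "TmB1w2R!", "rV7#kq!Lw2"):
        print(candidate, "->", weaknesses(candidate) or "passes")
```

An empty list means the candidate breaks none of the listed rules; it does not measure entropy or check against breached-password lists.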

My draft policy and procedure is done and off to other members of the technical support team for comments and critique.



Tuesday August 24, 2004

Blah another day with no sunshine.

I learned today that the ISP that hosts our email has been on a spam blacklist at least 4 times. I learned this by looking at the error message a user got when trying to email a vendor. A little research based on info in the auto reply from the email server located the spam list. I informed the VP of IT of this in case the issue becomes a problem for us.



Wednesday August 25, 2004

Windows XP Pro Service Pack 2 is supposed to show up in Windows Update today. So far I have not seen it there and one report said it would go live at 12 P.M. U.S. time to which I have to say "What the !@#$" is U.S. time?



Thursday August 26, 2004

<rant>I just don't understand the community at work. The key applications for the business which use an Oracle backend were running very slow and no one said anything to me. At the same time I was having backup issues with the same Oracle server, but did not know about the other issues. The backup problem which runs across the network was experiencing very poor throughput. The switch and the server said that there was a 100 Mbps connection so I had not looked at the network part of things closely till this morning. In an effort to pinpoint the problem I tried just copying a file off another server to the Oracle server. The copy speed was very very bad. So I manually set the port on the switch to 100 full duplex and did another file copy test which was over a 100% better and the backup is now running properly.

The other day I had reported to most of the IT department that I was having backup problems on the Oracle server and asked if anyone was seeing any other issues with the server and got no reply other than my boss saying that the backup needed to be fixed.</rant>



Friday August 27, 2004

I have been lately working very slowly and inconsistently at updating my resume. I read a little blurb online the other day about resumes. It made sense but I did not do anything with the info. So today I went and found the article again and sent the link to myself so I can try using the idea on my resume. Hell ya never know when a good up to date copy of your resume might come in handy.

I have been spending too many lunch hours working at my desk. A while back I was getting away from my desk and reading at noon. I grabbed a few computers that came into the storage room after the last round of upgrades and am thinking of setting up a little lab I can play in at lunch time. At the moment I am thinking of setting up a CheckPoint firewall and Management station to play with.



Saturday August 28, 2004



Sunday August 29, 2004


Copyright © 1999 - 2004 John Doucette. All Rights Reserved
