Server Administration - Security in User Manager
In a Nutshell - CIW Course Section 3, Part A2, Chapter 5
Are you aware how susceptible your network might be to attack? Try installing Zone Labs firewall which reports on intrusion attempts. You will find, I certainly did, that your external IP address will be almost constantly pinged. What causes this? Well, one possible explanation would be an automated sniffer, randomly pinging addresses looking for a network with a security opening. It certainly made me stop and think.
Account Lockout Policy
Having an account lockout policy is another tool in the armoury for the fight against would-be hackers. This will disable a user account after a set number of failed login attempts. Password crackers often make multiple attempts to log in to an account as a way of trying to find the correct password. Disabling the account after a number of failed attempts will thwart the cracker's efforts.
Account Lockout settings can be found in the Local Security Policy MMC snap-in which we have looked at in earlier chapters.
Lockout Threshold
Sets the number of failed login attempts that will be permitted before the account is locked out. Don't worry about the Effective Setting shown above. This screen-shot came from a Windows 2000 server which is a member of a domain and the domain settings are overriding the local settings.
Lockout Duration
Sets the period of time that the account will remain locked out after the lockout threshold has been exceeded.
Reset Account Lockout Counter
Resets the counter that is used to track bad login attempts. The counter can be reset by a successful login or by this timeout setting. If only 2 bad logins have been attempted within the 30 minutes shown above, the counter will reset to zero, allowing a further 30 minutes for further login attempts.
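The way the three settings above interact can be seen by replaying login attempts against a small model. This is an added example, not part of the course material and not Windows code: it is a simplified model, the threshold of 3 and the 30-minute lockout duration are assumed values, and it assumes the reset timer runs from the most recent bad login.

```python
class Account:
    """Simplified model of one account under a lockout policy (times in minutes)."""

    def __init__(self, threshold, duration, reset_after):
        self.threshold = threshold      # bad logins before lockout; 0 = never lock
        self.duration = duration        # minutes locked; 0 = until an admin unlocks
        self.reset_after = reset_after  # quiet minutes before the counter resets
        self.bad_count, self.last_bad, self.locked_at = 0, None, None

    def is_locked(self, now):
        if self.locked_at is None:
            return False
        if self.duration and now - self.locked_at >= self.duration:
            self.locked_at, self.bad_count = None, 0  # lockout has expired
            return False
        return True

    def login(self, now, password_ok):
        """Return 'ok', 'bad' or 'locked' for an attempt at minute `now`."""
        if self.is_locked(now):
            return "locked"  # even the correct password is refused
        if password_ok:
            self.bad_count = 0  # a successful login resets the counter
            return "ok"
        # Timeout reset: enough quiet time since the last bad login clears the counter.
        if self.last_bad is not None and now - self.last_bad >= self.reset_after:
            self.bad_count = 0
        self.bad_count += 1
        self.last_bad = now
        if self.threshold and self.bad_count >= self.threshold:
            self.locked_at = now
            return "locked"
        return "bad"


def replay(attempts, threshold=3, duration=30, reset_after=30):
    """Replay (minute, password_ok) pairs against a fresh account."""
    acct = Account(threshold, duration, reset_after)
    return [acct.login(minute, ok) for minute, ok in attempts]


# Constructed timelines (minute, password_ok); threshold of 3 is an assumed value.
THRESHOLD_HIT = [(0, False), (1, False), (2, False), (3, True), (33, True)]
COUNTER_RESET = [(0, False), (1, False), (31, False), (32, False), (33, True)]

if __name__ == "__main__":
    print(replay(THRESHOLD_HIT))  # third bad login locks; correct password refused
    print(replay(COUNTER_RESET))  # counter reset at minute 31, so no lockout
```

In the second timeline the two early bad logins are forgotten after 30 quiet minutes, which is the case the Reset Account Lockout Counter paragraph describes.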
Local Policies
All of the local policies we have looked at here, and in earlier chapters, apply to an individual machine and all users who log on to this machine. If a network has many machines, these policies have to be applied at each machine.
Active Directory is used on a Windows 2000 domain and can apply similar settings, and many more, that will apply to all machines and users in the domain.

