Depending on the audit you can file a compensating control if the account uses a secure means of login. (such as ssh) and restrict where the accounts can login from and what commands the account can run. Without giving too much info what are these generic accounts used for?
On Jun 4, 2010, at 1:59 AM, Cezar Spatariu Neagu <[email protected] > wrote: > Hi all, > > I would like to ask you all about some "best practices" regarding > generic users. I had an internal audit that point out that i do use > generic users. > My solution before this was to create many of them with very few > rights. > And I have some that I use in configuration files and I can not change > the password. > How shall I treat this issue? > > Thank you for the your inputs. > > Cezar Spatariu > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
