>That's quite a list of improvements. I am actually saving it as a >reference.
I've done quite a bit of it already, but there is always room for improvement. Would you believe that everyone had the same password when I got here? Speaking of passwords, I forgot to add: 25) Require passwords meet complexity rules, and be changed on a regular basis. >What about physical server security, backups, backup tape storage and >access? Don't know if these are even an issue, but I figured I'd drop >them >in just in case. I have considered physical security, but I forgot to add it to my list, good point. I have a backup plan, and while I consider backups very important, I didn't really think they were part of my security setup, other than as part of the physical security issue, and virus scanning. So to sum up: 26) Ensure physical security prevents unauthorized access. Oh, and I've been removing the cd-rom and disk drives from the workstations to help prevent software installation. I guess that's: 27) Remove external input devices such as cd-roms and disk drives where possible Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates "I have found the way, and the way is Perl." _________________________________________________________________ Join the world�s largest e-mail service with MSN Hotmail. http://www.hotmail.com
