[45180] in North American Network Operators' Group
Re: Network Security Policies
daemon@ATHENA.MIT.EDU (Josha Bronson)
Mon Jan 21 12:48:47 2002
Date: Mon, 21 Jan 2002 09:47:37 -0800
From: Josha Bronson <dmuz@slartibartfast.angrypacket.com>
To: "Hauser, Dewitt C, IV (Clint), SOBUS" <dchauser@att.com>
Cc: "'nanog@nanog.org'" <nanog@nanog.org>
Message-ID: <20020121094737.A42195@slatibartfast.angrypacket.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <EFF7B31AE54F6D418027A8FAF94252C6FAB26A@gcscexc4>
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, Jan 21, 2002 at 12:13:18PM -0500, Hauser, Dewitt C, IV (Clint), SOBUS said:
> At the moment, we're firming up our policy on access to Networking Devices
> and the like. In support of this, I'm looking for any links to white papers
> or other such sources that discuss/support the following things:
>
> - Limiting the number of people with access
> - Scheduled password change/rotation
> - Password change when someone with access leaves
RFC 2196: Site Security Handbook
http://sunsite.dk/RFC/index2101.html#2196
Excellent document. I found it to be invaluable when developing security
policies.
Cheers,
--
Josha Bronson
dmuz@angrypacket.com
AngryPacket Security
