CS695-HW3 - MET CS695 Assignment Information: The following...

MET CS695 Assignment Information: The following is an extract from a corporate security policy (list 1):

10.5.2 Logon Procedures

It is the responsibility of service providers, system administrators, and application developers to implement logon procedures that minimize opportunities for unauthorized access. Thresholds and time periods are to be defined by the Trustee.

Logon procedures should be enabled that disclose the minimum of information about the system, application, or service in order to avoid providing an unauthorized user with unnecessary assistance. Logon procedures should:

- Not display system or application identifiers until the logon process has been successfully completed
- Not disclose/display on the screen the password entered during login
- Display an ABC-specific warning that the computer and/or application should only be accessed by authorized users (see Section 10.5.2.1)
- Not provide help messages during the logon procedure that would aid an unauthorized user
- Internet based systems must only request authentication credentials via HTTP POST method using encryption such as HTTPS/TLS version 1.
- Validate the logon information only on completion of all input data. If an error condition arises, the system should not indicate which part of the data is correct or incorrect
- Limit the number of unsuccessful logon attempts allowed before an access denial action is taken. Three attempts are recommended and in no circumstance should more than six be allowed
- Establish thresholds for the maximum number of denial actions within a given period before further unsuccessful logon attempts are considered a security relevant event. Six attempts by the same logon ID or requesting device in a 24 hour period should be set as an upper threshold. Exceeding established thresholds should cause one or more of the following:
  - The authentication device is suspended or rendered inoperable until reset
  - The authentication device's effectiveness is suspended for a specified period of time
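
One way the attempt limits and the uniform error message in this extract could be enforced in code, as an added example that is not part of the policy or the assignment. The names `LogonGuard`, `verify` and `lock_seconds`, the 15 minute temporary denial, and the choice to raise the security event on the sixth failed attempt within 24 hours (per logon ID or per device) are assumptions made for the example.

```python
import time
from collections import defaultdict, deque
MAX_ATTEMPTS = 3         # failures before a denial action (policy: 3, never more than 6)
EVENT_THRESHOLD = 6      # failures by one logon ID or device within the window
WINDOW = 24 * 3600       # the 24 hour period, in seconds
GENERIC_ERROR = "Logon failed."  # same text whichever part of the input was wrong

class LogonGuard:
    def __init__(self, verify, lock_seconds=900, clock=time.time):
        self.verify = verify                # callable(logon_id, password) -> bool
        self.lock_seconds = lock_seconds    # assumed length of a temporary denial
        self.clock = clock
        self.streak = defaultdict(int)      # consecutive failures per logon ID
        self.failures = defaultdict(deque)  # failure times per ID / device key
        self.locked = {}                    # key -> expiry time, None = until reset
        self.events = []                    # security-relevant events for review

    def _blocked(self, key, now):
        until = self.locked.get(key, 0)     # 0 means the key was never locked
        return until is None or now < until

    def _record_failure(self, key, now):
        times = self.failures[key]
        times.append(now)
        while times[0] <= now - WINDOW:     # drop failures older than 24 hours
            times.popleft()
        if len(times) >= EVENT_THRESHOLD:
            self.events.append((now, key, len(times)))
            self.locked[key] = None         # suspended until reset() is called

    def logon(self, logon_id, password, device):
        now = self.clock()
        keys = [("id", logon_id), ("device", device)]
        if any(self._blocked(k, now) for k in keys):
            return False, GENERIC_ERROR
        if self.verify(logon_id, password): # checked only as a complete submission
            self.streak[logon_id] = 0
            return True, "Logon successful."
        self.streak[logon_id] += 1
        if self.streak[logon_id] >= MAX_ATTEMPTS:
            self.streak[logon_id] = 0
            self.locked[keys[0]] = now + self.lock_seconds  # timed denial action
        for k in keys:
            self._record_failure(k, now)    # may upgrade to suspension until reset
        return False, GENERIC_ERROR

    def reset(self, key):                   # administrator clears a suspension
        self.locked.pop(key, None)
        self.failures.pop(key, None)
```

An unknown logon ID, a wrong password and a locked account all return the same message, so the response does not reveal which condition applied.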