The purpose of this policy is to establish a standard for the creation of strong passwords, the protection of those passwords, and the frequency of change.
All employees (including contractors and vendors with access to systems) are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.
The scope of this policy includes all personnel who have or are responsible for an account (or any form of access that supports or requires a password) on any system that resides at any PB facility, has access to the PB network, or stores any non-public PB information.
- All system-level passwords (e.g., root, enable, NT admin, application administration accounts, etc.) must be changed on at least a quarterly basis.
- All user-level passwords (e.g., email, web, desktop computer, etc.) must be changed at least every six months. The recommended change interval is every four months.
- User accounts that have system-level privileges granted through group memberships or programs such as “sudo” must have a unique password from all other accounts held by that user.
- Passwords must not be inserted into email messages or other forms of electronic communication.
- Password access is to be given out on a need to know basis only at the discretion of the CTO or Communications Director.
- Where SNMP is used, the community strings must be defined as something other than the standard defaults of “public,” “private” and “system” and must be different from the passwords used to log in interactively. A keyed hash must be used where available (e.g., SNMPv2).
- All user-level and system-level passwords must conform to the guidelines described below.
Proxy Server Policy
A proxy server typically resides between server and user, for both offensive and defensive purpose. When deploying a proxy server, the following checklist must make sure as:
- Logging facility should be enabled for all services
- Never allow the proxy to accept outside connection.
- The proxy must be running with the most up-to-date patches and software.