RFC 2179 (rfc2179) - Page 2 of 10
Network Security For Trade Shows
RFC 2179          Network Security For Trade Shows          July 1997

   Tips:

   *  Educate sales and support staff regarding system logins,
      especially "root" or other privileged accounts.

   *  Identify individuals who are not using exhibit systems for their
      intended purpose, especially non-booth personnel.

   *  Request identification from anyone wishing to access systems for
      maintenance purposes unless their identities are known.

System Security

   This section discusses technical security procedures for
   workstations on the vendor network. Although specifics tend to be
   for Unix systems, general procedures apply to all platforms.

Password Security

   Lack of passwords or easy to guess passwords are a relatively
   low-tech door into systems, but are responsible for a significant
   number of breakins. Good passwords are a cornerstone of system
   security.

   By default, PC operating systems like Windows 95 and MacOS do not
   provide adequate password security. The Windows login password
   provides no security (hitting the "ESC" key allows the user to
   bypass password entry). Password security for these machines is
   possible, but is beyond the scope of this document.

   Tips:

   *  Check /etc/passwd on Unix systems and the user administration
      application on other systems for lack of passwords. Some vendors
      ship systems with null passwords, in some cases even for
      privileged accounts.

   *  Change passwords, especially system and root passwords.

   *  Mix case, numbers and punctuation, especially on privileged
      accounts.

   *  Change system passwords on a regular basis.

   *  Do not use passwords relating to the event, the company, or
      products being displayed. Systems personnel at Networld+Interop,
      when asked to assist booth personnel, often guess even root
      passwords!

Gwinn                        Informational
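The /etc/passwd check from the Password Security tips above, written out as an added example that is not part of RFC 2179. It assumes the seven-field passwd format and, optionally, a Linux-style shadow file where an "x" in passwd means the password field lives in shadow; the function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example, not RFC text: list accounts whose password field is empty.
# Usage: null_password_accounts PASSWD_FILE [SHADOW_FILE]
# Output: "user uid source", with " PRIVILEGED" appended for UID 0.
null_password_accounts() {
    passwd_file=$1
    shadow_file=${2:-/dev/null}      # no shadow file: check passwd only
    awk -F: -v shadow="$shadow_file" '
        BEGIN {
            # Load the password field of every shadow entry, keyed by user.
            while ((getline line < shadow) > 0) {
                n = split(line, f, ":")
                if (n >= 2) shadow_pw[f[1]] = f[2]
            }
        }
        # Skip comments, NIS compat entries (+/-) and malformed lines.
        /^[#+-]/ || NF < 7 { next }
        {
            if ($2 == "")
                src = "passwd"       # null password stored in passwd itself
            else if ($2 == "x" && ($1 in shadow_pw) && shadow_pw[$1] == "")
                src = "shadow"       # shadowed account with a null password
            else
                next
            printf "%s %s %s%s\n", $1, $3, src, ($3 == 0 ? " PRIVILEGED" : "")
        }
    ' "$passwd_file"
}

# Constructed sample files (not from a real system) to exercise the check.
sample_check() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
toor::0:0:alternate root:/root:/bin/sh
demo::1001:100:booth demo:/home/demo:/bin/sh
sales:x:1002:100:sales:/home/sales:/bin/sh
kiosk:x:1003:100:kiosk:/home/kiosk:/bin/sh
EOF
    cat > "$tmp/shadow" <<'EOF'
root:*:10000:0:99999:7:::
sales:!:10000:0:99999:7:::
kiosk::10000:0:99999:7:::
EOF
    null_password_accounts "$tmp/passwd" "$tmp/shadow"
    rm -rf "$tmp"
}

sample_check
```

On a real system, run `null_password_accounts /etc/passwd /etc/shadow` as root, since the shadow file is not readable by ordinary users.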



