-
December 1st, 2005, 01:48 AM
#1
Member
dormant accounts
hi
auditors mostly recommends to administrators to remove dormant accounts that have not logged in for many months. Can i ask the experts here, if these accounts are disabled and dormant at the same time, any ways to use them to break anything? I ask this because if there is no way to break, then we could leave these disabled & dormant accounts as they are. Right?
another qns, If these accounts are configured to be locked after say, 5 tries unsuccessful, and someone tries to break in using an account and gets the account gets locked out, can he/she try other means? what are some other means then? If not, configuring "lock outs" in security policies is a good way to deter brute force right ?
thanks for any advice.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|