Security Basics mailing list archives

RE: Workstation Screensaver Lock Timeouts

From: "Phillip McCollum" <PMcCollum () sanmanuel com>
Date: Tue, 30 Mar 2004 11:35:02 -0800

Hello,

At my current place of employment, we've standardized on 10 minutes.  I
work in a highly secure environment (Indian casino) where lots of
trouble can be stirred up by unauthorized workstation access, and we've
found the 10 minute interval to be a happy medium between security and
useability.


-----Mensaje original-----
De: saliskor () cyberus ca [mailto:saliskor () cyberus ca] 
Enviado el: viernes, 26 de marzo de 2004 14:31
Para: security-basics () securityfocus com 
Asunto: Workstation Screensaver Lock Timeouts



The security policy at one of my clients dictates that all
workstations
will activate password protected screensavers after a period of user
inactivity.  The policy does not state what the timeout period is, in
order to allow the organization some flexibility.

My questions are:

Is there an industry norm for the timeout? What timeout do you think
is
appropriate for a medium security enterprise such as Military
(unclassified workstations) law enforcement, Law offices, Financial
institutions, etc. The building is physically secure, although members
of the public, clients, etc are allowed access with loose escort, and
may or may not be left alone in an area for short periods.

Any opinions or suggestions are appreciated.

Rick 

------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert
instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your
organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html 
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off
any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert
instructors.
Attend a course taught by an expert instructor with years of
in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your
organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html 
----------------------------------------------------------------------------


Phillip McCollum
Network Technician 
San Manuel Band of Mission Indians
pmccollum () sanmanuel com
(909) 496-0310

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

Workstation Screensaver Lock Timeouts saliskor (Mar 26)
- RE: Workstation Screensaver Lock Timeouts frcmsec (Mar 29)
- <Possible follow-ups>
- Re: Workstation Screensaver Lock Timeouts Mitchell Rowton (Mar 30)
- Re: Workstation Screensaver Lock Timeouts saliskor (Mar 30)
  - RE: Workstation Screensaver Lock Timeouts JTH (Mar 30)
- RE: Workstation Screensaver Lock Timeouts Phillip McCollum (Mar 30)