3.1.15. Create and implement a password policy.

3.1. Preparation

3.1.1. Make users aware of malicious code issues.

3.1.10. Configure the network perimeter to deny all incoming traffic

3.1.11. Secure all remote access methods, including modems and virtual

3.1.12. Put all publicly accessible services on secured demilitarized zone

3.1.13. Disable all unneeded services on hosts and separate critical

3.1.14. Use host-based/personal firewall software to limit individual hosts’ exposure

3.1.2. Read antivirus bulletins.

3.1.3. Deploy host-based intrusion detection and prevention systems, including file

3.1.4. Use antivirus software, and keep it updated with the

3.1.5. Configure software to block suspicious files.

3.1.6. Eliminate open Windows shares.

3.1.7. Configure intrusion detection software to alert on attempts to

3.1.8. Configure all hosts to use centralized logging.

3.1.9. Establish procedures for having all users change their passwords.

By Efrain Ortiz

The password policy should require the use of complex, difficult-to-guess passwords and should ensure that authentication methods are sufficiently strong for accessing critical resources. Weak and default passwords are likely to be guessed or cracked, leading to unauthorized access.