Скачать в pdf «Network+»

Limiting the location from which a user logs in can be important also, because typical users shouldn’t log in to the network from any place but their own workstation. Although in theory this is true, it is not often implemented in most corporations. Users move stations, often not taking their computers with them. Or they have to log in at someone else’s station to perform some function. Unless you require really tight security, this restriction requires too much administrative effort. Both NetWare and Windows NT/2000 can limit which station(s) a user is allowed to log in from; however, by default, user accounts are not restricted in this respect. This is probably acceptable in most cases. If you really want to tighten security, restrict users to logging in from their assigned workstations. By default, Windows NT/2000 servers do not allow a regular user to log in at the console because most users should not be working directly on a server. They can do too much damage accidentally. In NetWare, the console interface is entirely different and is not used to access network resources, so this is not an issue.

Renaming the Maintenance Account

Network operating systems automatically give the network maintenance (or administration) account a default name. In Windows NT/2000, this account is named Administrator; in Unix, it is Root, and in NetWare, it is Admin. If you don’t change this account name, hackers already have half the information they need to break in to your network. The only thing they’re missing is the password.

Rename the account to something innocuous or use the same naming convention that is used for regular users. For example, jmorris is a much better choice than super is. Here is a list of common names that you should not use:

Скачать в pdf «Network+»