Thursday, October 20, 2005

Username Policy

Last week people start complaining about our Acceptable Username Policy.

I´m tired of using any usual pattern like:
  • "first name + .+ last name" (e.g. george.bush, bill.clinton) or
  • "initial + last name" (initial letter of first name + last name, e.g. gbush, bclinton) or
  • "first name + initial" (first name + initial letter of last name, e.g. bush.g, clinton.b)

They are very usual... boring... with no creativity at all....
People ever wants to have a closer match between a user's actual name and its username. However, this usually make us have multiple users with equal usernames, so we have to have additional rules (like including more letters, a number at end, etc).
So, I´d decided to create a new username policy for the company: the first 3 letters of first name plus the initial 3 letters from the last name. Example: geobus, bilcli .
But users never get satisfied. Some of them starting cp,plaining that they dislike their usernames. My boss asked me to change the Acceptable Username Policy, so here follows the new one:
  • Account names consists by only the vowels from the first name plus the last name (e.g. eoeu, iio),
  • if there is two users with the same result, then the username must include the first 5 odd numbers of his/her social security number.

From now on, users will have usernames like eoeu39751 for George Bush and eoeu99715 for Leone Blur.
No comments:

Friday, September 30, 2005

NAT Gateway

My Firewall admin have just gave me an user account to connect to our internal Firewall in order to verify it´s configuration. After about 4 months, he finnaly gave me a "read-only" account.
When I first connect I was impressed: our internal firewall (who was supposed to isolate our engineer network) has 8 policy rules and around 80 NAT rules. As the last access rule (of 8) is a "default permit" rule (anything from anywhere can pass), I named it as our new "NAT Gateway" security equipment.
From now on, a "NAT Gateway" is a special-purpouse security device that contains no usefull security rules, only lots of NAT rules.
1 comment:

Spam at Work

The spammers are getting more and more creative erevyday. We can find SPAM messages almost everywhere.
I have just received two SPAM messages on my orkut´s scrapbook !!! They are spamming Orkut !!!
I´ve also received SPAM comments on my personal blog ! Amazing....
No comments:

Friday, September 23, 2005

The BOFH-style Excuse Server

I must post here the most useful thing that we could ever find on Internet: The BOFH-style Excuse Server.
This is a useful tool that all sysadmins and IT professionals should use on a regular basis.
No comments:

Exclusive: New high dungerous attack

Yesterday night we discovered a brand-new computer-related attack: the "version overflow".
There is no known possible solution to this. This could affect all systems conected worldwide.
Our security-many-certifications-expert had discovered it by running the newest version of an award-winning-worldwide-leader OS.
The "version overflow" problem occur when we try to run an application that is a version above the one that is currently supported. For example, if you try to access a website that recquires .Net framework 1.1 and you hv version 2 installed.
No comments:

Welcome

Welcome to this blog.
I´ve been working with security for about 10 years. I started as an SYSADMIN and Firewall operator, then I started working with security products support on a major reseller and moved to a job as a Security Officer.
I´m now working on a American security-related company on its Product Area.
I´ve many historys to tell, and I hope I´ll post the most interensting and funny here.
This blog is based on a material I´ve first seen when I am a UNIX sysadmin on my earlier job: "The Bastard Operator from Hell" (BOFH). There are numerous websites about this novel, but It seems that the official one is hosted at http://bofh.ntk.net/Bastard.html.
No comments:
Subscribe to: Posts (Atom)