Using Net searches, locate the password policies of three organizations. Compare
Question
Using Net searches, locate the password policies of three organizations. Compare/contrast these policies. Using the SANS Institute’s password policy template as your guide, develop a chart as follows based upon your analysis:
| Criteria | Organization A’s Password Policy | Organization B’s Password Policy | Organization C’s Password Policy |
| --- | --- | --- | --- |
| Where possible, users must not use the same password for various access needs. | Compliant | Partially-compliant – users are allowed to use the same password within systems in their own operating division. | Not compliant. |
Explanation / Answer
SANS Institute’s password policy:
Locating the password policy of International Business Machines (IBM):
Checking compliancy:
| Template from SANS | Company A: IBM | Company B: Teepta private Limited | Company C: ThiruchengoduEarthBorewellDrillersSociety Proprietory Limited |
| --- | --- | --- | --- |
| Company account password differs from personal account passwords | compliant | partially compliant | not compliant |
| Different passwords for different access inside the company | compliant | partially compliant | not compliant |
| Unique passwords at the same system-level | compliant | partially compliant | not compliant |
| Differing SNMP password from the default | compliant | partially compliant | not compliant |
| Change user level passwords once in 4 to 6 months | Yes, more than compliant, the site said: password maximum age = 7,776,000 seconds = 129,600 minutes = 2160 hours = 90 days = 3 months – again exceeds expectations | partially compliant | not compliant |
| Change root, admin NT high security password at least once in 3 months | Yes, compliant, as the company site says – password Maximum Age = 43200 minutes = 4320/60 = 720 hours = 720/24 = 30 days = 1 month < 3 months – hence better than just compliant – exceeds expectations!! | partially compliant | not compliant |
| Change password if guessed by the testing team | Information not found on their website – hence whether compliant or non-compliant cannot be found out | partially compliant | not compliant |