RFC 2179 (rfc2179) - Page 2 of 10
Network Security For Trade Shows
RFC 2179 Network Security For Trade Shows July 1997
Tips:
* Educate sales and support staff regarding system logins, especially
"root" or other privileged accounts.
* Identify individuals who are not using exhibit systems for their
intended purpose, especially non-booth personnel.
* Request identification from anyone wishing to access systems
for maintenance purposes unless their identities are known.

System Security

This section discusses technical security procedures for workstations
on the vendor network. Although specifics tend to be for Unix
systems, general procedures apply to all platforms.

Password Security

Missing or easy-to-guess passwords are a relatively low-tech door
into systems, but they are responsible for a significant number of
break-ins. Good passwords are a cornerstone of system security.

By default, PC operating systems like Windows 95 and MacOS do not
provide adequate password security. The Windows login password
provides no security (hitting the "ESC" key allows the user to bypass
password entry). Password security for these machines is possible,
but is beyond the scope of this document.

Tips:
* Check /etc/passwd on Unix systems and the user administration
application on other systems for lack of passwords. Some vendors
ship systems with null passwords, in some cases even for
privileged accounts.
* Change passwords, especially system and root passwords.
* Mix case, numbers and punctuation, especially on privileged
accounts.
* Change system passwords on a regular basis.
* Do not use passwords relating to the event, the company, or
products being displayed. Systems personnel at Networld+Interop,
when asked to assist booth personnel, often guess even root
passwords!
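
The /etc/passwd check from the first tip above, as an added example that is not part of the RFC. It assumes the colon-separated passwd(5) and shadow(5) formats, where an "x" in the passwd field means the real field is kept in the shadow file; the function names and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: report accounts whose password field is empty.
# Usage: find_null_passwords PASSWD_FILE [SHADOW_FILE]
# Prints "<user> <uid> <source>" per finding, plus " PRIVILEGED" for UID 0.
find_null_passwords() {
    awk -F: '
        /^#/ || NF < 2 { next }              # skip comments and malformed lines
        pass == 1 { shadow[$1] = $2; next }  # first file: shadow-style entries
        {
            field = $2; src = "passwd"
            # "x" in passwd means the real field is kept in the shadow file.
            if (field == "x" && ($1 in shadow)) { field = shadow[$1]; src = "shadow" }
            if (field == "")
                printf "%s %s %s%s\n", $1, $3, src, ($3 == 0 ? " PRIVILEGED" : "")
        }
    ' pass=1 "${2:-/dev/null}" pass=2 "$1"
}

# Constructed sample files (not taken from any real system).
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
toor::0:0:spare root:/root:/bin/sh
demo::1001:100:booth demo:/home/demo:/bin/sh
sales:x:1002:100:sales:/home/sales:/bin/sh
guest:x:1003:100:guest:/home/guest:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructed$notarealhash:10000:0:99999:7:::
sales:$6$constructed$notarealhash:10000:0:99999:7:::
guest::10000:0:99999:7:::
EOF
}

sample_dir=$(mktemp -d)
write_samples "$sample_dir"
find_null_passwords "$sample_dir/passwd" "$sample_dir/shadow"
rm -rf "$sample_dir"
```

On a live system the shadow file is normally readable only by root, so run the check as root and pass both files; any line marked PRIVILEGED is a UID 0 account that accepts a null password.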
Gwinn Informational