SCR attack
On 2019-12-02 17:34, VanguardLH wrote:
I don't know of any reason for screensavers to still exist.
I certainly don't use them.
How many users lock their computer before leaving it powered? A
screensaver can be configured to lock the workstation after an idle
timeout.
Vanguard has a point. And it is also part of PCI (Payment
Card Industry) requirements:
SAQ-C 8.1.8
If a session has been idle for more than 15 minutes, are
users required to re-authenticate (for example, re-enter the
password) to re-activate the terminal or session?
A "no" fails you.
I set the screensaver to 10 minutes with a five minute
grace period before re-authenticating. That way when the
customer sees the screen saver come on, he can wiggle the
mouse and not have to re-authenticate if he gets to
it quick enough. It cuts down on the frustration.
Anyone who wants the directions on how to set up a
grace period, ping me on the subject line.
And on regular customers, I set up the screensavers because
they JUST LIKE IT. It feels like it is "their" computer
after they get to see endless pictures of their kids/grandkids
and/or their cars.
Me? Mine are endless pictures of trout. Now that feels
like it is MY computer (that and I build it with my own
two hands.)
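
Added example, not part of the original post: a PowerShell check that adds the screensaver timeout and the grace period and compares the total to the 15-minute idle limit quoted above from SAQ-C 8.1.8. It assumes Windows and the standard screensaver registry values (per-user and policy `Control Panel\Desktop` keys, plus the machine-wide Winlogon `ScreenSaverGracePeriod`); the function names are hypothetical.

```powershell
# Added example: time until re-authentication = idle timeout + grace period.
# Assumption: Windows, standard screensaver registry values.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Test-IdleLock {
    param(
        [int]$TimeoutSeconds,
        [int]$GraceSeconds,
        [bool]$Active,
        [bool]$Secure,
        [int]$LimitSeconds = 15 * 60   # idle limit from the SAQ-C 8.1.8 text
    )
    $effective = $TimeoutSeconds + $GraceSeconds
    [pscustomobject]@{
        TimeoutSeconds   = $TimeoutSeconds
        GraceSeconds     = $GraceSeconds
        EffectiveSeconds = $effective
        Active           = $Active
        Secure           = $Secure
        Pass             = $Active -and $Secure -and ($TimeoutSeconds -gt 0) -and
                           ($effective -le $LimitSeconds)
    }
}

function Get-ScreenSaverSetting {
    param([string]$Name)
    # A Group Policy value, when present, overrides the user's own setting.
    $policy = Get-RegValue 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop' $Name
    if ($null -ne $policy) { return $policy }
    return Get-RegValue 'HKCU:\Control Panel\Desktop' $Name
}

# Grace period is machine-wide; Windows uses 5 seconds when the value is absent.
$grace = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'ScreenSaverGracePeriod'
if ($null -eq $grace) { $grace = 5 }

Test-IdleLock -TimeoutSeconds ([int](Get-ScreenSaverSetting 'ScreenSaveTimeOut')) `
              -GraceSeconds   ([int]$grace) `
              -Active         ((Get-ScreenSaverSetting 'ScreenSaveActive') -eq '1') `
              -Secure         ((Get-ScreenSaverSetting 'ScreenSaverIsSecure') -eq '1')

# Constructed input: the 10 minute timeout and 5 minute grace period from the post.
Test-IdleLock -TimeoutSeconds 600 -GraceSeconds 300 -Active $true -Secure $true
```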