To prevent unauthorized access to University of Houston data by providing terminal controls.Scope
University of Houston terminals.Standard
Proper physical and software control mechanisms shall be in place to control access to and use of devices connected to University of Houston computer systems.Guidelines
- Hardware Terminal Locking - In areas that are not physically secured, terminals should be equipped with locking devices to prevent their use during unattended periods. The locks should be installed in addition to programmed restrictions, such as automatic disconnect after a given period of inactivity.
- Operating System Identification of Terminals - All terminal activity should be controlled by the operating system, which should be able to identify terminals, whether they are hardwired or connected through communications lines. The operating system should inspect log-on requests to determine which application the terminal user desires. The user should identify an existing application and supply a valid user ID and password combination. If the log-on request is valid, the operating system should make a logical connection between the user and the application.
- Limitation of log-on Attempts - Limit system log-on attempts from remote terminal devices. More than three unsuccessful attempts should result in termination of the session, generation of a real-time security violation message to the operator and/or the ISO (and log of said message in an audit file), and purging of the input queue of messages from the terminal.
- Time-Out Feature - Ensure that the operating system provides the timing services required to support a secure operational environment. Inactive processes, or terminals (in an interactive environment) should be terminated after a predetermined period.
- Dial-Up Control - The communications software should ensure a clean end of connection in all cases, especially in the event of abnormal disconnection.