Password best practices for Symantec Web Gateway (SWG) appliance

Article ID: 181772

Products

Web Gateway

Resolution

When handling and maintaining passwords for Symantec Web Gateway, Symantec suggests the following best practices:

  • During the initial install wizard, create a secure username for the system account within the user interface of SWG appliance.
  • As a post-install task, change the password for the admin account within the command line interface (CLI).
  • As a post-install task for SWG8490 model, when using the iDRAC, create a secure username and password for the iDRAC interface.
  • Take care to not lose the password for the admin account within the CLI of Symantec Web Gateway. The method for securing the password for this account is re-installing the SWG operating system from DVD or OVF.
  • Create and use secure passwords.
  • If business continuity requirements in your organization include storing a password for SWG in a file, encrypt the file and restrict file access to authorized personnel.
  • After you reset an administrator's password, use a secure method (such as a phone call) to notify the administrator of the new password. Email is not typically a secure method.
     

To create secure usernames, consider the following suggestions:

  • Create usernames with eight (8) or more characters.
  • Avoid using usernames which are the same as built-in administration accounts for other common operating systems or devices, which are typical targets of brute force password attacks. Examples to avoid include: 
    - root
    - Administrator
    - admin
    - sa

To create secure passwords, consider the following suggestions:

  • Do not create a password that uses any of the following formats:
    - A word that is found in a dictionary (in any language or jargon)
    - A name (such as the name of a spouse, parent, child, pet, fantasy character, famous person, or location)
    - Any variation of your personal name or account name
    - Accessible information about you (such as your phone number, license plate, or social security number) or your environment
    - A birthday or a simple pattern (such as backwards, followed by a digit, or preceded by a digit)
     
  • Create a password that is based on the following recommendations:
    - Use a mixture of upper and lower case letters, as well as digits or punctuation
    - Make sure the password is unrelated to any previous password
    - Use long passwords (eight characters or longer)
    - Consider using a pair of words with punctuation inserted
    - Consider using a pass phrase (an understandable sequence of words)
    - Consider using the first letter of each word in a pass phrase
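
The username and password suggestions above can be checked mechanically before credentials are set on the appliance. The following Python sketch is an added example, not Symantec code or an SWG feature; the function names, the sample wordlist, and the sample account name used with it are constructed for illustration, and a real deployment would load a full dictionary file.

```python
import string

# Built-in account names the article says to avoid (compared case-insensitively).
RESERVED_USERNAMES = {"root", "administrator", "admin", "sa"}

# Constructed sample wordlist (lower case); a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "gateway", "symantec", "welcome", "dragon"}


def check_username(username):
    """Return a list of problems with a proposed username (empty = acceptable)."""
    problems = []
    if len(username) < 8:
        problems.append("shorter than 8 characters")
    if username.lower() in RESERVED_USERNAMES:
        problems.append("matches a common built-in account name")
    return problems


def _candidate_cores(password):
    """Lower-cased forms with the article's 'simple patterns' undone:
    one leading or trailing digit removed, and each form reversed."""
    p = password.lower()
    forms = {p}
    if p[:1].isdigit():
        forms.add(p[1:])
    if p[-1:].isdigit():
        forms.add(p[:-1])
    return forms | {f[::-1] for f in forms}


def check_password(password, account_name, previous=(), words=SAMPLE_WORDS):
    """Return a list of problems with a proposed password (empty = acceptable)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    has_upper = any(c.isupper() for c in password)
    has_lower = any(c.islower() for c in password)
    has_other = any(c.isdigit() or c in string.punctuation for c in password)
    if not (has_upper and has_lower and has_other):
        problems.append("needs upper case, lower case, and a digit or punctuation")
    cores = _candidate_cores(password)
    if cores & set(words):
        problems.append("dictionary word or simple variation of one")
    acct = account_name.lower()
    if acct and any(acct in form for form in cores):
        problems.append("variation of the account name")
    if any(old.lower() in cores for old in previous):
        problems.append("related to a previous password")
    return problems
```

A password that passes these checks can still be weak; the checks only reject the specific formats the list above warns against.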