Security experience on how to secure Winnt +asp +sql Web site (2)

19. Security policy for passwords. The number of digits in the password is secure. This is weird. According to Ms Encryption algorithm. Only 14-digit passwords are likely to be safe. But in fact very few people can remember so many bits of password. But 14 bit. 7-bit passwords are more secure. (It's weird.) Microsoft engineers say that sometimes 7-bit is more than 10-bit insurance. Oh, the specific reason to say more complex. I'm giving my brother a lecture. Omit it.
20. Suggested password has letters. Digital. The case is composed of. It is best to add some characters such as! #￥% (). Can hardly be guessed.
21st. User name to change the default Admini ... , you can build a 14-bit long administrator name. You can use all the letters. This increases the level of protection.
22. Increase the strategy. Prevent the enumeration method to guess the account name.
23. Add to prevent 5 unsuccessful login, automatically locked account 20 points. Prevent the violence law from breaking through.
24. Establish a classified password policy. Don't use some built-in accounts. such as "sa".
25. Increase the password for the SA. It's best not to use him. Build an additional administrator account. Then build a classified account for each of your own databases. It is best to connect with him in ASP. This will ensure the security of other databases.
26. Remove some permissions. Ordinary users are not allowed to use more dangerous stored procedures.
27. Remote connections are not allowed for accounts other than administrators. Or add a named pipe.
27. If the ASP can use DSN, do not use the connection string. And take a pattern containing the files included in.