等级保护测评过程中常见的静态密码风险及防护建议

Common static password risks and protection suggestions in the process of classified protection evaluation

虽然身份鉴别技术随着信息科技的发展也在不断更新,但静态密码目前仍然是信息系统中常用的身份鉴别方式,尤其是信息系统建设方式的发展,也给信息系统中涉及的操作系统、网络设备、安全设备、应用软件等层面的静态口令带来新的风险。文章梳理了等级保护测评过程中常见的静态密码风险,并针对各个风险提出了防护措施。

Although identity technology is constantly updated with the development of information technology,However, static passwords are still commonly used in information systems.In particular, the development of information system construction methods also brings new risks to the static passwords involved in information systems such as operating systems, network devices, security devices, and application software. This paper reviews the common static passwords in the process of rating protection assessment. Risk, and put forward protective measures against each risk.