The current security structure at Korean Travel, Inc. relies primarily on features provided by the network operating system. Users are logging in with passwords 8-14 characters long. The password duration is 90 days and allows repetitive passwords after 10 changes. After three unsuccessful login attempts, the account is locked out for 24 hours unless the Help Desk is contacted. Written requests need to be submitted for new account creation. All significant changes to accounts such as granting permissions and group membership also require written request and approval of higher management level.

Supervisory permissions are limited to only two people in the company and administrative permissions are granted only with management approval. All passwords for servers, switches, routers, and services are kept in a sealed envelope. The number of people who can change these passwords is also controlled and limited. The environment is protected from the Internet two firewalls. Both firewalls protect the network from intruders coming through the independent ISP lines. A third Cisco PIX firewall is in the process of being installed at Headquarters. This device will protect Headquarters in case of eventual failure at any of the other firewalls. Dial-up users are allowed into the system in two ways. A communication server at Headquarters provides access to e-mail only and requires messaging provided authentication. 3Com Total Control servers provide data and mail access to the LAN. Users authenticate with their NetWare accounts.

For additional information on Korean Travel, Inc. security policies, please click the link below and download the "KTI Security Policies" document.