Tales from jails: How I helped network a prison

18.04.2006

Firewalls may prevent the luxury of remote administration. Since prisons are often geographically dispersed and isolated, system personnel may spend a lot of time traveling between sites. Therefore, plan and deploy a setup that is as simple as possible to reduce maintenance needs. Work with on-site IT staff for routine repairs. Keep plenty of spare parts readily available. If prison network users must access several non-native systems (a registration system, a scheduling system, a medical records system, a court system), then password resets often become a major issue. Users want one password for everything, and they want it to be easy to remember; neither is a good idea. Inmates have plenty of time on their hands to keep trying passwords (keep in mind that some inmates may be former hackers).

Passwords

Maintain best practices in password management. Passwords should be complex (upper- and lower-case, numbers, punctuation marks, at least seven characters long). They should expire at least every few months and should not be reused. Replacement passwords should not have the same format (password1, password2) and should not be recycled (no previously used passwords). No personal names or dates. Never share a password.

Prevent dictionary attacks (no common words) and block repetitive guessing (lock out the account after several consecutive failures). Have you ever noticed that TV programs show characters cracking into computer consoles within a few moments? Don't let that happen to you.
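An added Python example, not from the original article, of the password-change checks and the consecutive-failure lockout described above. The word list, the lockout threshold of 5 and all function names are assumptions; expiry and the names-and-dates rule are not covered.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 7      # minimum length stated in the article
MAX_FAILURES = 5    # assumption: the article only says "several"
COMMON_WORDS = {"password", "welcome", "letmein", "prison"}  # constructed sample
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def remember(password):
    """History entry (salt, digest); the plaintext is never stored."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)

def _stem(password):
    # "Granite#Owl42" and "Granite#Owl43" share the stem "granite#owl"
    return password.lower().rstrip(string.digits + string.punctuation)

def policy_violations(new, current, history):
    """Rules broken by `new`; `current` is the password typed to authorise the change."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    if not all(any(ch in cls for ch in new) for cls in CLASSES):
        problems.append("missing character class")
    if any(word in new.lower() for word in COMMON_WORDS):
        problems.append("contains common word")
    if _stem(new) == _stem(current):
        problems.append("same format as current")
    if any(hmac.compare_digest(_digest(new, s), d) for s, d in history):
        problems.append("previously used")
    return problems

def record_login(failures, account, success):
    """Update per-account consecutive-failure counts; True means logged in."""
    if failures.get(account, 0) >= MAX_FAILURES:
        return False              # locked: even a correct guess is refused
    if success:
        failures.pop(account, None)
        return True
    failures[account] = failures.get(account, 0) + 1
    return False
```

A locked account stays locked until its entry is cleared from `failures`, which is left to an administrator action outside this example.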

Immediately disable computer accounts whenever staff exit the system. Dormant and guest accounts can only lead to trouble.