Re: [fw-wiz] Stanford break in
m_at_pavis.biodec.com
Date: 04/28/04
- Previous message: Brian Galdino: "[fw-wiz] iChat A/V and Cisco PIX 501 (6.3)"
- In reply to: Bennett Todd: "Re: [fw-wiz] Stanford break in"
- Next in thread: Bill Royds: "RE: [fw-wiz] Stanford break in"
To: Bennett Todd <bet@rahul.net>
Date: Wed, 28 Apr 2004 12:51:49 +0200
* Bennett Todd (bet@rahul.net) [040425 01:25]:
>
> Other than that, frequent mandatory password changes are detrimental
> to security. Better to have the password-changing tool use cracklib,
> and offer good random passwords to users who are willing to use
> them, and let them keep using them long enough to amortize the
> higher cost of learning them.
>
Somewhere, sometimes, you have to. In Italy there is a law (T.U. 196/03)
that mandates that in certain situations, which, by the way, are not so
rare, you have to periodically change passwords on systems.
The period could be as low as three to six months:
``5. The password, when the authentication system provides for one,
consists of at least eight characters or, where the electronic
instrument does not allow this, of a number of characters equal to the
maximum allowed; it contains no references easily traceable to the
person in charge and is changed by that person at first use and,
thereafter, at least every six months. Where sensitive data and
judicial data are processed, the password is changed at least every
three months.'' from ``Allegato B - Disciplinare tecnico in materia di
misure minime di sicurezza'' of the above-mentioned law. In summary it
says that passwords must be at least eight characters long, or the maximum
allowed by the system, must not be easy to guess and must be changed
every six months, or every three months if the data belong to a special
category.
In these cases trying to build an effective password policy is
necessary, since it is mandated by law.
--
finelli
Linux: Friends don't let friends use Piccolosoffice
There is nothing wrong with writing ... as long as it is done in private
and you wash your hands afterward.