Re: Password Cracking
From: S. Pidgorny [MVP] (slavickp@yahoo.com)
Date: 01/20/03
From: "S. Pidgorny [MVP]" <slavickp@yahoo.com> Date: Mon, 20 Jan 2003 22:01:38 +1100
In big organisations with thousands of user accounts, password cracking as a means
of managing risks associated with weak passwords is neither preferred nor
practical. What do we do?
* Enforce using SOE
* Define password complexity and change policies in directory services
* Have all policies in place and train users
* Keep audit trail of all logon events
Optionally, for some critical systems:
* Have multiple parts of passwords with different custodians, so that the entire
password isn't known to one person
* Using hardware token/smart card logon (easy to do in small organisations
though)
At the end of the day, a password cracking exercise isn't that important.
Not to mention physical security, host authentication/IPsec/switched
networking (prevents sniffing), Kerberos, etc. etc.
--
Svyatoslav Pidgorny, MS MVP, MCSE
-= F1 is the key =-

"Lohkee" <Lohkee@worldnet.att.net> wrote in message
news:2PEW9.3154$zF6.273943@bgtnsc04-news.ops.worldnet.att.net...
> Password Crackers (DRAFT FOR COMMENT)
> Copyright (C) 2003 by Lohkee!
> All rights Reserved
>
>
> Many within the professional security community recommend running password
> crackers as the preferred means of managing risk arising from the selection
> of weak passwords by system users....
> The goal, and sole justification for password cracking exercises, is to
> reduce risk by enforcing the use of strong passwords via the identification
> and subsequent elimination of those that are weak. Obviously, the validity
> of this exercise is wholly dependent on two important factors; the ability
> to correctly define and prove the characteristics of a strong password, and,
> proof that strong passwords reduce risk to the organization.