Re: password expiration

From: Wayne Walton (wayne.walton@s2i2.net)
Date: 05/20/02


From: "Wayne Walton" <wayne.walton@s2i2.net>
Date: Mon, 20 May 2002 21:15:50 GMT


Alun Jones <alun@texis.com> wrote in message
news:TX9G8.24495$NT.3290427543@newssvr12.news.prodigy.com...
> In article <DOYF8.6652$zV.62078@sccrnsc02>, "Blah" <nospam@aol.com> wrote:
> >Yep, "password never expires". However, it is generally considered a Bad
> >Thing to use that in any kind of production environment.
>
> On the other hand, there are _some_ valid uses for it. Let's say, for
> instance, you have a password for your customers to access the current version
> of your software. Changing the password for this account would mean
> contacting all of your customers. You don't want to have to do this every
> thirty days, you probably really only care about it in one of two cases:
>
> 1) There's been a leak, and the password is widely known, causing large
> numbers of unauthorised downloads (you do monitor your log files, don't you?)
> 2) There's a new version out, and you don't want the new version to be made
> available to the people who were licenced to get the old version but haven't
> paid the upgrade fee.
>
> Even in case 2), you might not want to change the password, but you might want
> to use a new account.
>
> Alun.
> ~~~~
>

Heh, true enough. As always, there are exceptions to the rule.

>(you do monitor your log files, don't you?)

Actually, I sell and install software that does that for intelligently.
(correlates attacks across a network too)

Wayne


