Network Security: Detailed info on Re: compromised machines

Subject:	Re: compromised machines
Date:	Fri, 27 Aug 2004 23:12:11 -0500

Scott Weeks wrote:


Are you sure they didn't crack the passwords?  Do you have 'strong'
passwords on the machines?

Don't forget derived/incremented passwords. Users who have passwords cracked and then go on to continue to use the series will cause you problems. BigDog1, BigDog2, BigDog3, BigDogX is fairly guessable and I know from experience they will cause you problems even if they are otherwise "strong."

On Windows you can implement a custom passflt.dll that will check for these. Look for numbers, replace them with 0-9 and hash and compare with the password history. If you have a match, you've got a password incrementer.

(Sorry but I didn't code the passflt.dll we used that did that but from what I've seen of the documentation on Microsoft's site on passflt.dll, it should be repeatable. While you are at it, throw in a small dictionary check for common words.)

--
Mike Lyman, CISSP
mikelyman-security@comcast.net

"You can't take the sky from me"

<Prev in Thread]	Current Thread	[Next in Thread>
compromised machines, Varun Pitale Re: compromised machines, Brian Eckman Re: compromised machines, Scott Weeks Re: compromised machines, Mike Lyman <= Re: compromised machines, bob Re: compromised machines, Harlan Carvey Re: compromised machines, Michael H. Warfield Re: compromised machines, Jose Maria Lopez Re: compromised machines, soccer4net@netzero.com

Previous by Date:	Re: [Full-Disclosure] RE: block all popups [google knockoff]; Re:, Nancy Kramer
Next by Date:	Re: block all popups [google knockoff], Jose Maria Lopez
Previous by Thread:	Re: compromised machines, Scott Weeks
Next by Thread:	Re: compromised machines, bob
Indexes:	[Date] [Thread] [Top] [All Lists]