
| Subject: | RE: Minimum password requirements |
|---|---|
| Date: | Mon, 23 Aug 2004 12:19:45 -0600 |
What is your password policy? If you have one, maybe the consequences for going against the policy aren't being enforced or aren't viewed as being serious. If you don't have a formal policy, no amount of nagging is going to stop password sharing. You have to impress upon people the need to keep passwords secret and then you need to have a clear policy that includes a way of "encouraging" them (i.e. "you'll be fired if caught giving out this information") to stick to the policy.

Kenton

-----Original Message-----
From: Mike [mailto:mike@coenholdings.ie]
Sent: Friday, August 20, 2004 9:39 AM
To: security-basics@securityfocus.com
Subject: RE: Minimum password requirements

Sorry if this subject has been flogged to death, but a recent example from one of my own users:

User A is off work and calls in and asks colleague, user B, to access her email and supplies domain password (it doesn't matter how many times you tell them not to tell anyone their password, they still do).

User A has internet access for business; user B does not (it is hard enough to get her to work at the best of times).

User B surfs internet until user A is forced to change password after 1 week (passwords rotate every 30 days).

As internet usage is only checked monthly (there are few problems), no alarm bells sound until user B tries to use User A login and is booted out for wrong user password combi and it shows up in logs.

Result: User A has sheepish conversation with IT Dept on importance of not revealing passwords and ticking off from management.

Regards

Mike Molloy
IT Supervisor