Re: Changing user password policy

Subject: Re: Changing user password policy
Date: Mon, 25 Sep 2006 17:40:43 +0300
How about this:
a client-server password generating application in which the client must
call an admin on the phone and verify himself/herself. He/she will then
be supplied with a verification code which will be entered in the client
application to generate a valid new password (else the generated
password will be rejected by the server). Once that new password is
generated and the user decides it is easy for him/her to memorize he
will submit the password over the network so that it is registered in
your NIS/Domain Server.
The client-server communication must be using a covert channel which
includes a public key handshake to establish a session key to encrypt
the transmitted password.

In terms of user-friendliness, the client must only make a phone call,
fill in the verification code and click the generate button.

Lars Solberg wrote:
Hi list!

I was wondering about your thoughts on changing users' passwords in an
enterprise firm, with 10k users.
It has to be easy for the user to get a new password, but also secure!
The users also have to be verified over the phone.
Making the users go somewhere and show ID to get a new password will not
work.

So, what are your thoughts about a good solution to this?


Thanks in advance
 Lars

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence in Information Security. Our program offers unparalleled
Infosec management education and the case study affords you unmatched
consulting experience. Using interactive e-Learning technology, you can
earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
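
The verification-code step proposed in the reply above, sketched as an added example that is not part of the original thread: the server accepts a new password only when it arrives with a tag computed from the code the admin read out on the phone. All names (`ResetServer`, `make_tag`), the 8-digit code, the 10-minute lifetime and the attempt limit are assumptions, and the encrypted client-server channel is assumed to exist already.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 600      # seconds a phone-issued code stays valid (assumed value)
MAX_ATTEMPTS = 3    # wrong submissions before the code is revoked (assumed value)

def make_tag(code, username, new_password):
    """Client side: bind the chosen password to the phone-issued code.
    The code is short, so the tag must only travel over the encrypted channel."""
    msg = username.encode() + b"\x00" + new_password.encode()
    return hmac.new(code.encode(), msg, hashlib.sha256).digest()

class ResetServer:
    """Hypothetical server side of the scheme; not a real product's API."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}     # username -> [code, expiry, attempts_left]
        self.passwords = {}   # username -> salt + PBKDF2 hash of the password

    def issue_code(self, username):
        """Called by the admin after verifying the caller on the phone."""
        code = f"{secrets.randbelow(10**8):08d}"
        self.pending[username] = [code, self.clock() + CODE_TTL, MAX_ATTEMPTS]
        return code

    def submit(self, username, new_password, tag):
        """Register the password only if the tag proves knowledge of the code."""
        entry = self.pending.get(username)
        if entry is None:
            return False                      # no code issued, or already used
        code, expiry, _ = entry
        if self.clock() > expiry:
            del self.pending[username]        # expired codes are discarded
            return False
        expected = make_tag(code, username, new_password)
        if not hmac.compare_digest(expected, tag):
            entry[2] -= 1                     # limits online guessing of the code
            if entry[2] <= 0:
                del self.pending[username]
            return False
        del self.pending[username]            # single use
        salt = secrets.token_bytes(16)
        self.passwords[username] = salt + hashlib.pbkdf2_hmac(
            "sha256", new_password.encode(), salt, 600_000)
        return True
```

Revoking the code after a few wrong tags matters because an 8-digit code is only as strong as the limit on guesses against it.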