Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Disaster Encryption

from [Matthew Kosmoski] Network Security [Permanent Link]
Subject: Re: Disaster Encryption
Date: Wed, 25 Apr 2007 02:38:29 -0400 
On 24 Apr 2007 19:17:33 -0000, jaxjunk1@comcast.net
<jaxjunk1@comcast.net> wrote:


Has anyone seen anything like this or have a better suggestion?


Just pondering this, and it seems still vulnurable if your passwords
are stored like this.  What if the password is unintentionally leaked?
Why not use a tiered authentication strategy, such as an accompanied
RSA token?  Such that the password is the least of your worries, and
so that the RSA dongle these privileged people have is the real
verification.  So when they call your DR admin, then give them the
password, then the RSA token currently on their dongle.  Seems like a
more secure method, if you want as much security over your recovery
and the data involved as I infer from your current plan.

--
Matthew J. Kosmoski <mkosmo@gmail.com>

--
Matthew J. Kosmoski <mkosmo@gmail.com>

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Disaster Encryption, jaxjunk1
    • Message not available
      • Re: Disaster Encryption, Matthew Kosmoski <=
Previous by Date:  Re: Pen-Testing Novell Products, Matthew . molda
Next by Date:  Re: RE: Value of certifications, Joey Boyer
Previous by Thread:  Disaster Encryption, jaxjunk1
Next by Thread:  ISO 27001 Implementation Cericication Test - Pl Help, Newbie2ISO
Indexes:  [Date] [Thread] [Top] [All Lists]