Educause Security Discussion mailing list archives

Re: Password Cracking & Consequences


From: Eric Pancer <epancer () SECURITY DEPAUL EDU>
Date: Thu, 26 Aug 2004 17:18:23 -0500

Ron Parker wrote on Thu, 2004-08-26 at 17:07:32 -0500...

> From a network security standpoint, this seems like pretty standard
> countermeasures to me. I consider this to be the network security
> equivalent of physical campus security rattling doorknobs at night to see
> if the door is locked. A poor password is an unlocked door.

I would beg to differ slightly. A poor password is more like an
easily-pickable lock. Sure, this is just a different wording, but I
would hold the locksmith slightly responsible for putting an
easily-picked lock in place to protect a bank. Likewise, I would
place some responsibility on the system administrators who do not
configure password guidelines.

As much as I don't like Microsoft products, they do offer fairly
decent password guidelines and enforcement tools. These are easy to
use, but *do* require some user education detailing *how* to choose
a ``good'' password.

- --
Eric Pancer :.: Computer Security Response Team :.: DePaul University
http://security.depaul.edu/ .:`:.:':.:`:. epancer () security depaul edu
pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3
