Educause Security Discussion mailing list archives
Re: Password Cracking & Consequences
From: Christian Wilson <Christian.Wilson () ITS MONASH EDU AU>
Date: Sat, 28 Aug 2004 02:09:37 +1000
Theresa, On Fri, Aug 27, 2004 at 08:29:17AM -0400, Theresa M Rowe wrote:
I just cannot imagine even trying that in our culture. I am surprise that this is being done at some organizations. Can you share more specifics about the process: What campus involvement did you get prior to making the decision - this couldn't have been just an IT decision. How did you market it? How did your faculty react?
We have an IT Security Policy (everyone I believe can read it, its located at http://www.adm.monash.edu.au/unisec/pol/itec13.html). Things like cracking passwords/finding security vulnerabilities and exposing such vulnerabilities can be determined from our policy via the following clause: "10.2 Monitoring will be undertaken routinely by ITS Authorized Staff in the normal course of their duties to maintain technical security and operational efficiency of the system/service. Any extraordinary action taken to monitor IT services must be authorized by the Executive Director, ITS." So basically issues regarding technical security, the cracking of usernames and passswords would fall under this. Our IT Security Policy has been approved by the University IT Policy group, so thats how we can justify doing what you are asking. Perhaps things are different in Australia as opposed to the US? I don't know? I'd be interested in seeing what people on list think about our policy. Hope this helps Christian. -- Christian Wilson IT Security and Risk Manager, Infrastructure Services Information Technology Services, Monash University - Clayton Phone: +61 3 990 51187 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Password Cracking & Consequences, (continued)
- Re: Password Cracking & Consequences James Riden (Aug 26)
- Re: Password Cracking & Consequences Michael Mills (Aug 26)
- Re: Password Cracking & Consequences Theresa M Rowe (Aug 27)
- Re: Password Cracking & Consequences Wayne Wilson (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Lucas, Bryan (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Lucas, Bryan (Aug 27)
- Re: Password Cracking & Consequences Justin Azoff (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Christian Wilson (Aug 27)
- Re: Password Cracking & Consequences Theresa M Rowe (Aug 27)
- Re: Password Cracking & Consequences Theresa M Rowe (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Eric Pancer (Aug 27)
- Re: Password Cracking & Consequences Christian Wilson (Aug 27)
- Re: Password Cracking & Consequences Justin Azoff (Aug 27)
- Re: Password Cracking & Consequences Scott Bradner (Aug 27)
- Re: Password Cracking & Consequences Scott Bradner (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
(Thread continues...)