Firewall Wizards mailing list archives
RE: Passwords
From: Siglite <siglite () criticalstop com>
Date: Wed, 13 Oct 1999 13:06:37 -0400 (EDT)
On smaller networks, the best way to determine if user passwords have been compromised is to be familiar with your users' habits. Example: Joe logs in from dialupip () his isp com twice a day or so, and you know this because you diligently watch your logs. Joe's been doing this oh, every day or so for the past six months. Then one day, you notice in your logs that Joe has started logging in from someip.somenetwork.cz. On my network, that would be pretty unusual, prompting me to ask Joe about it.

That's a pretty extreme example, but familiarity with your users and their habits goes a LONG way towards detecting a security breach. I do of course realize how much more difficult this becomes in a serious enterprise environment with thousands upon thousands of users. However, I've written scripts in the past to parse my system logs to determine where any individual is most likely to log in from, then look for changes.

/*-----------------------------------*/
/* I live with FEAR every day.       */
/* But, sometimes, she lets me RACE. */
/*-----------------------------------*/
KT Morgan
Network Engineer
Checkpoint Firewall-1 CCSA/CCSE
Microsoft MCP
Software Systems Group, Inc

the compaq support website, crib notes version: "you cant do that."

On Thu, 7 Oct 1999 sean.kelly () lanston com wrote:
> From: Rex Murphy [mailto:rmurphy () Networkguys com]
>
> > Is there a product that can identify "hacked Passwords." I had a conversation with someone and they mentioned that such a product existed.
>
> You can run the software people have written to hack passwords on your password file to determine "hackable" passwords. My friend did this a lot in college and sent alerts to the sysadmin.
>
> As far as determining if a password has been "hacked," how is this possible? "Hacked" could mean shoulder-surfed or guessed, i.e. there would be nothing to distinguish a hacker logging on to an account from the actual user logging into the account. Unless they mean detecting hack attempts, and this kind of thing is generally in place in systems already.
>
> Sean
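The log check described in the message above (learn where each user usually logs in from, then look for changes), sketched as an added example that is not part of the original post or its author's scripts. It assumes sshd-style `Accepted ... for USER from HOST` lines; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed line shape (sshd-style); adjust the pattern to your own logs.
LOGIN_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")

def source_key(src):
    """Coarse origin: the /24 for an IPv4 address, else the last two DNS labels.
    (Two labels is too coarse for suffixes such as co.uk; tune for your users.)"""
    parts = src.lower().rstrip(".").split(".")
    if len(parts) == 4 and all(p.isdigit() for p in parts):
        return ".".join(parts[:3]) + ".0/24"
    return ".".join(parts[-2:])

def parse(lines):
    """Yield (user, origin) for every successful-login line."""
    for line in lines:
        m = LOGIN_RE.search(line)
        if m:
            yield m.group("user"), source_key(m.group("src"))

def build_baseline(lines):
    """Count, per user, how often each origin appears in historical logs."""
    profile = defaultdict(Counter)
    for user, origin in parse(lines):
        profile[user][origin] += 1
    return profile

def unusual_logins(profile, lines, min_history=5):
    """Return (user, origin, reason) for logins that break a user's habit.
    Users with fewer than min_history logins are not judged on new origins."""
    alerts = []
    for user, origin in parse(lines):
        seen = profile.get(user)
        if not seen:
            alerts.append((user, origin, "no login history"))
        elif sum(seen.values()) >= min_history and origin not in seen:
            usual = seen.most_common(1)[0][0]
            alerts.append((user, origin, f"usually logs in from {usual}"))
    return alerts

# Constructed sample logs: joe dials in from one ISP, ann works from one subnet.
HISTORY = [f"Oct {d:2d} 08:15:11 gw sshd[411]: Accepted password for joe "
           f"from dialup{d}.isp.example port 1022 ssh2" for d in range(1, 11)]
HISTORY += ["Oct 10 09:00:02 gw sshd[415]: Accepted password for ann "
            "from 192.0.2.10 port 2200 ssh2"] * 3
TODAY = [
    "Oct 13 08:14:50 gw sshd[502]: Accepted password for joe from dialup7.isp.example port 1030 ssh2",
    "Oct 13 03:41:09 gw sshd[498]: Accepted password for joe from gw.othernet.example port 4411 ssh2",
    "Oct 13 09:01:33 gw sshd[505]: Accepted password for ann from 192.0.2.77 port 2210 ssh2",
    "Oct 13 11:20:00 gw sshd[511]: Accepted password for bob from 198.51.100.5 port 3001 ssh2",
]

if __name__ == "__main__":
    for alert in unusual_logins(build_baseline(HISTORY), TODAY):
        print("REVIEW: %s from %s (%s)" % alert)
```

An alert here is a prompt to ask the user about the login, as the message suggests, not proof of compromise.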