Firewall Wizards mailing list archives
Stanford break in
From: Chuck Vose <vosechu () roman-fleuve com>
Date: Wed, 21 Apr 2004 09:41:48 -0700
The break in at Stanford and other high level super-computing schools prompted a question about NIS. When dealing with any kind of networked password database, such as NIS or Active Directory, how does one ensure that accounts aren't stolen. It seems like when an account is lost, it's lost on every single computer on the network instead of just one machine. 1. Are network synchronized passwords a bad idea, considering the normally lax stance on security that many corporations have? 2. Aside from running Jack the Ripper regularly on the passwords and ensuring that passwords are strong, what are some methods to ensure physical and logical security of accounts (ie: yellow stickies are the hidden treasure for a disgruntled employee). Any generalized concepts? 3. In an Active Directory domain, allowing access to all computers is obviously a bad idea, but is this what the majority of admins do? Authenticate with the server, but only allow access to one workstation. I've never had to do this on a large scale, is it as time consuming as it seems that it might be or are there tools that make this easier? I know that this is 3 disparate topics, would list etiquette suggest that I should make 3 topics? Thank you, Chuck _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Stanford break in Chuck Vose (Apr 22)
- Re: Stanford break in Paul D. Robertson (Apr 22)
- RE: Stanford break in Victor Williams (Apr 22)
- Re: Stanford break in Chuck Vose (Apr 22)
- Re: Stanford break in Darren Reed (Apr 22)
- Re: Stanford break in Carric Dooley (Apr 22)
- Re: Stanford break in R. DuFresne (Apr 22)
- RE: Stanford break in Laura Taylor (Apr 22)
- RE: Stanford break in R. DuFresne (Apr 22)
- RE: Stanford break in Chuck Vose (Apr 22)
- RE: Stanford break in Paul D. Robertson (Apr 22)
- Re: Stanford break in R. DuFresne (Apr 22)
- Re: Stanford break in Paul D. Robertson (Apr 22)