Firewall Wizards mailing list archives
Re: Stanford break in
From: Darren Reed <darrenr () reed wattle id au>
Date: Fri, 23 Apr 2004 00:54:43 +1000 (EST)
In some email I received from Chuck Vose, sie wrote:
The break in at Stanford and other high level super-computing schools prompted a question about NIS. When dealing with any kind of networked password database, such as NIS or Active Directory, how does one ensure that accounts aren't stolen. It seems like when an account is lost, it's lost on every single computer on the network instead of just one machine. 1. Are network synchronized passwords a bad idea, considering the normally lax stance on security that many corporations have? 2. Aside from running Jack the Ripper regularly on the passwords and ensuring that passwords are strong, what are some methods to ensure physical and logical security of accounts (ie: yellow stickies are the hidden treasure for a disgruntled employee). Any generalized concepts?
The problem is just NIS. Your best bet is to deploy a kerberos solution (works with AD) where the encrypted keys generally aren't available to anyone but system administrators. Kerberos key changing is centralised so it is trivial to set password requirements. Darren _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Stanford break in Chuck Vose (Apr 22)
- Re: Stanford break in Paul D. Robertson (Apr 22)
- RE: Stanford break in Victor Williams (Apr 22)
- Re: Stanford break in Chuck Vose (Apr 22)
- Re: Stanford break in Darren Reed (Apr 22)
- Re: Stanford break in Carric Dooley (Apr 22)
- Re: Stanford break in R. DuFresne (Apr 22)
- RE: Stanford break in Laura Taylor (Apr 22)
- RE: Stanford break in R. DuFresne (Apr 22)
- RE: Stanford break in Chuck Vose (Apr 22)
- RE: Stanford break in Paul D. Robertson (Apr 22)
- RE: Stanford break in Victor Williams (Apr 22)
- RE: Stanford break in R. DuFresne (Apr 22)
- RE: Stanford break in Carric Dooley (Apr 23)
- RE: Stanford break in Victor Williams (Apr 23)
- Re: Stanford break in R. DuFresne (Apr 22)
- Re: Stanford break in Paul D. Robertson (Apr 22)