Date: | Mon, 13 Mar 1995 14:34:00 -0800 |
Content-Type: | text/plain |
Thu, 3/9, Guy Smith wrote:
>: () If this is done (figure out the proprietary handshake to obtain an MPE
>: prompt, like NS/open did), my testing shows that NS/vt will allow continuous
>: trial of passwords (try three passwords-drop; reconnect; try three
>: more-drop; reconnect, etc.) Is there any way to shutdown such an attack
>: without turning off NS/VT?
>
>The folks at VeSoft are using PEAIFs to intercept logon attempts in their
>Security/3000 product. I am willing to bet that they could add this
>enhancement.
For what it's worth, after exhausting a re-try count, some security tools
'down' the device from where the invalid attempts originate. In some
instances, the device is re-enabled after a prescribed time period, in
other cases it would require action on the part of the operator/system
manager. However, during this time, the downed port is also unavailable
to others.

Instead of disabling the device, we've set up SAF/3000 from Monterey such
that the logon-ID itself is disabled. This allows the port to remain in
service for others to use. Granted someone could continue to try various
logon-IDs, probably disabling a number of them. But this would stick out
in the daily security reports that are reviewed, raising focus on the
situation. The feeling among folks here was this was no more risk than
disabling/re-enabling the device yet it did provide a better service
factor in terms of access availability, especially with NS/VT ports.
-- Jerry
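
The trade-off described in the message above, as an added example that is not part of the original post and is not SAF/3000 or Security/3000 code: a replay of one constructed logon log under device lockout and under logon-ID lockout, plus the daily-report check for a device that disabled several logon-IDs. The retry limit of 3, the device names, the logon-IDs and all function names are assumptions made for illustration.

```python
from collections import defaultdict

RETRY_LIMIT = 3  # assumed retry count; the post does not state one

# Constructed sample log: (minute, device, logon_id, password_ok)
EVENTS = [
    (1, "LDEV21", "MGR.PAYROLL", False),
    (2, "LDEV21", "MGR.PAYROLL", False),
    (3, "LDEV21", "MGR.PAYROLL", False),
    (4, "LDEV21", "OPER.SYS", False),
    (5, "LDEV21", "OPER.SYS", False),
    (6, "LDEV21", "OPER.SYS", False),
    (7, "LDEV21", "JANE.SALES", True),   # legitimate user on the same port
    (8, "LDEV34", "MGR.PAYROLL", True),  # real owner of the disabled logon-ID
]

def replay(events, policy, limit=RETRY_LIMIT):
    """Replay events under 'device' or 'logon' lockout.

    Returns (locked, denied_valid, report): the locked keys, the valid logons
    that were refused, and per device the logon-IDs its failures disabled.
    """
    key_index = 1 if policy == "device" else 2
    failures = defaultdict(int)
    locked, denied_valid = set(), []
    report = defaultdict(set)
    for event in events:
        _, device, logon_id, ok = event
        key = event[key_index]
        if key in locked:
            if ok:  # correct password, refused only because of the lockout
                denied_valid.append((device, logon_id))
            continue
        if ok:
            failures[key] = 0
            continue
        failures[key] += 1
        if failures[key] >= limit:
            locked.add(key)
            if policy == "logon":
                report[device].add(logon_id)
    return locked, denied_valid, dict(report)

def suspicious_devices(report, threshold=2):
    """Devices whose failures disabled several logon-IDs (daily review item)."""
    return sorted(d for d, ids in report.items() if len(ids) >= threshold)
```

Under device lockout the port is downed and the unrelated user on it is refused; under logon-ID lockout the port stays in service, the targeted IDs are disabled, and the originating device stands out in the report.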