HP3000-L Archives

September 2004, Week 1

HP3000-L@RAVEN.UTC.EDU

Subject:
From: "Emerson, Tom"
Reply To: Emerson, Tom
Date: Wed, 1 Sep 2004 08:52:40 -0700
> -----Original Message-----
> Behalf Of Art Bahrs
> 
>     Second, the biggest threat to any computer system 
> (regardless of OS or hardware) is a brute force attack...

Did you mean that as your second point, or the second biggest threat? :) I've heard that the "biggest" threat is "the inside job", i.e., someone who already HAS a legitimate logon going outside their abilities [and usually for nefarious purposes -- if they go beyond their limits, but for the reason "to fix problem x...", the event gets swept under the rug and nobody thinks of it as "a breach"].

> If I can get a prompt and know how to
> logon and you don't lock me out after 3 logon attempts... you 
> are toast... I will keep hammering your box till I get in!

OTOH, locking out after three attempts makes it very easy to mount a "Denial of Service" attack, especially from an "insider" -- simply take the list of "known" logons, and try each one with the same "expectedly-wrong" password.  In a matter of minutes you'll kill every logon possibility so the LEGITIMATE users cannot use the system.  If you've managed to get the system manager/superuser in that mix, well, it's reboot to single-user mode time to reset the locked password [or compromise another security "best practice" and somehow arrange for an always-logged-on user with access to the "god" lockword...]

Tom "Why yes, I did work for VEsoft for five years" Emerson ;)

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
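
The trade-off argued in this thread, as an added example that is not part of either poster's message: a small simulation comparing the three-strike lockout with a capped doubling delay. The `Backoff` policy, the account names and the timings are assumptions constructed for illustration; neither poster proposed them.

```python
class HardLockout:
    """Three-strike rule: the account stays locked until an operator resets it."""
    def __init__(self, limit=3):
        self.limit, self.failures = limit, {}

    def attempt(self, user, password_ok, now):
        if self.failures.get(user, 0) >= self.limit:
            return "locked"                  # even the right password is refused
        if password_ok:
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "fail"

class Backoff:
    """Assumed alternative: each failure doubles a refusal window, capped at `cap` s."""
    def __init__(self, base=1, cap=900):
        self.base, self.cap, self.state = base, cap, {}  # user -> (failures, not_before)

    def attempt(self, user, password_ok, now):
        n, not_before = self.state.get(user, (0, 0))
        if now < not_before:
            return "locked"                  # refused without checking the password
        if password_ok:
            self.state[user] = (0, 0)
            return "ok"
        n += 1
        self.state[user] = (n, now + min(self.cap, self.base * 2 ** (n - 1)))
        return "fail"

def refused_after_spray(policy, users, wrong_tries=3, logon_at=3600):
    """Someone sends `wrong_tries` bad passwords to every account, one per second;
    the real users log on correctly at `logon_at`. Returns the users still refused."""
    for user in users:
        for t in range(wrong_tries):
            policy.attempt(user, False, t)
    return [u for u in users if policy.attempt(u, True, logon_at) != "ok"]

def guesses_checked(policy, user, seconds=86400):
    """One wrong guess per second for a day; count guesses the system actually checked."""
    return sum(policy.attempt(user, False, t) == "fail" for t in range(seconds))

USERS = ["MANAGER.SYS", "MGR.PROD", "OPERATOR.SYS"]  # constructed sample logons

if __name__ == "__main__":
    for policy in (HardLockout, Backoff):
        print(policy.__name__,
              "refused an hour later:", refused_after_spray(policy(), USERS),
              "| guesses checked in a day:", guesses_checked(policy(), "MGR.PROD"))
```

Under the delay policy someone who keeps retrying can still re-trigger the refusal window, but each window expires on its own after at most `cap` seconds instead of waiting for an operator reset.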
