Reply To: Emerson, Tom
Date: Wed, 1 Sep 2004 08:52:40 -0700
> -----Original Message-----
> Behalf Of Art Bahrs
>
> Second, the biggest threat to any computer system
> (regardless of OS or hardware) is a brute force attack...
Did you mean that as your second point, or the second biggest threat? :) I've heard that the "biggest" threat is "the inside job", i.e., someone who already HAS a legitimate logon going outside their abilities [and usually for nefarious purposes -- if they go beyond their limits, but for the reason "to fix problem x...", the event gets swept under the rug and nobody thinks of it as "a breach"]
> If I can get a prompt and know how to
> logon and you don't lock me out after 3 logon attempts... you
> are toast... I will keep hammering your box till I get in!
OTOH, locking out after three attempts makes it very easy to mount a "Denial of Service" attack, especially from an "insider" -- simply take the list of "known" logons, and try each one with the same "expectedly-wrong" password. In a matter of minutes you'll kill every logon possibility so the LEGITIMATE users cannot use the system. If you've managed to get the system manager/superuser in that mix, well, it's reboot to single-user mode time to reset the locked password [or compromise another security "best practice" and somehow arrange for an always-logged-on user with access to the "god" lockword...]
Tom "Why yes, I did work for VEsoft for five years" Emerson ;)
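
Added example, not part of the original message: a small simulation of the trade-off raised in this thread, comparing a hard three-strikes account lockout with failure counting keyed on account and source. The per-source policy, the account names, the passwords and the source names are all assumptions constructed for illustration; the thread itself does not propose this alternative.

```python
from collections import defaultdict

MAX_FAILURES = 3  # the "3 logon attempts" threshold discussed in the thread


class HardLockout:
    """Lock the account for everyone after MAX_FAILURES bad passwords."""

    def __init__(self, passwords):
        self.passwords = passwords
        self.failures = defaultdict(int)

    def key(self, user, source):
        return user  # failures accumulate on the account alone

    def login(self, user, password, source):
        k = self.key(user, source)
        if self.failures[k] >= MAX_FAILURES:
            return "blocked"
        if self.passwords.get(user) == password:
            self.failures[k] = 0
            return "ok"
        self.failures[k] += 1
        return "denied"


class PerSourceThrottle(HardLockout):
    """Hypothetical alternative: count failures per (account, source)."""

    def key(self, user, source):
        return (user, source)


def usable_accounts_after_bad_guesses(policy_cls):
    """Accounts a legitimate user can still reach after every known logon
    has received MAX_FAILURES wrong passwords from a single source."""
    # Constructed sample accounts and sources
    passwords = {"MANAGER": "m-secret", "alice": "a-secret", "bob": "b-secret"}
    policy = policy_cls(passwords)
    for user in passwords:
        for _ in range(MAX_FAILURES):
            policy.login(user, "expectedly-wrong", "term-20")
    return [u for u, pw in passwords.items()
            if policy.login(u, pw, "term-31") == "ok"]


def guesses_tested_from_one_source(policy_cls, attempts=100):
    """How many password guesses one source gets evaluated before blocking."""
    policy = policy_cls({"alice": "a-secret"})
    results = [policy.login("alice", f"guess{i}", "term-20")
               for i in range(attempts)]
    return results.count("denied")
```

Both policies stop a single source after three guesses, but only the hard lockout leaves every account unusable for its legitimate owner. Per-source counting in turn gives an attacker who controls many sources three guesses from each, so it shifts the trade-off without removing it.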