Posted by Dan on September 2, 2008, 12:20 pm
Thanks, Brian
"Brian Komar (MVP)" wrote:
> Only if using a modern, securely designed OS, Dan.
> I am really done discussing this BS topic with you, as it just lends
> credence to your absurd theories.
> Brian
> > Okay, so would passwords greater than 17 characters, using alphanumeric
> > characters with special symbols, and protecting them with 448-bit Blowfish
> > encryption be good enough in this day and age?
> >
> > "Brian Komar (MVP)" wrote:
> >
> >> How about something that actually works, like two-factor authentication.
> >> Fingerprint scanners are easily defeated; watch Mythbusters.
> >> Card key access is getting there, but swipe is one factor.
> >> 7+ character passwords are really not strong passwords, especially when
> >> working with archaic operating systems like Windows 98 that use LM hashes
> >> that are easily broken. A real operating system would recommend using
> >> passphrases that are 16+ characters.
> >> Brian
> >>
> >> > Okay, so what is the best policy to secure the network? I am thinking of
> >> > a combination of biometrics, passwords and potentially keycards. What are
> >> > people's thoughts on this? Perhaps this list as a suggestion:
> >> >
> >> > 1. fingerprint scanner -- cleaned when done to prevent the band-aid
> >> > technique of using the same fingerprint after the person scanned
> >> > originally
> >> >
> >> > 2. keycard access --- perhaps as a swipe, which is a special keycard
> >> > separate from the access keycard to the secure and safe computer room
> >> >
> >> > 3. complex password to log in to the computer --- numerous passwords with
> >> > at least 7+ alphanumeric and special characters; grc.com can generate
> >> > random complex passwords to give users an idea, and Microsoft's password
> >> > checker is also good.
> >> >
> >> > 4. Any other thoughts?
> >> >
> >> > "Roger Abell [MVP]" wrote:
> >> >
> >> >> Also, look at what Group Policy Preferences can do for you, allowing you
> >> >> to run computer startup/shutdown scripts (selectively by GPO targets).
> >> >> Setting a password from the network is always a hazard, as at some point
> >> >> the password is either available on the network or it is obtainable from
> >> >> its storage point, but at least with a computer script you can make that
> >> >> storage inaccessible to all except the computer accounts that need access.
> >> >>
> >> >> As far as I have determined, client system local admin account(s) are a
> >> >> darned-if-you-do and darned-if-you-don't situation. The local account is
> >> >> not needed on most systems for daily operations. If something happens
> >> >> such that local admin login is needed, it probably needs to have been
> >> >> set up / enabled before that something happens. If there is no local
> >> >> admin account prepared and available, then techs are using domain
> >> >> accounts, which probably means that there are domain accounts in daily
> >> >> use that have large-scale admin access over all, or major sections of,
> >> >> the client systems. If one tries to keep one local admin account ready
> >> >> to go, it should have either a unique password (and not one that can be
> >> >> determined from some formula such that if you know one you can
> >> >> substitute part and get the password for another system) or, if not
> >> >> unique, then many should be used, each on some small logical subset of
> >> >> the client systems. That, however, has problems in keeping track of what
> >> >> password to use where and of making passwords available when needed (and
> >> >> only then) to those that need to use them (and only to those).
> >> >>
> >> >> There simply appears to be no great solution when using only accounts
> >> >> and passwords.
> >> >>
> >> >> Roger
> >> >>
> >> >> > Gurus,
> >> >> >
> >> >> > How do your organizations manage the local administrator account on
> >> >> > workstations? Typically the end-users do run with "administrative"
> >> >> > privileges, but a local admin account is needed to access a machine
> >> >> > offline. So how is this account typically named (i.e. renamed) and its
> >> >> > password secured (i.e., complex and only a few people know it)? Then
> >> >> > you have the problem of having to change this password on every
> >> >> > workstation if a member of the IT staff leaves. Just looking for quick
> >> >> > thoughts here; no long treatise on the topic is necessary!
> >> >> >
> >> >> > --
> >> >> > Spin
> >> >>
> >> >>
> >> >>
> >>
>
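The thread above circles around two concrete points: Roger's advice that each workstation's local admin password be unique and not derivable from a formula (so that knowing one does not give you the rest), and the need to rotate every one of them when a staff member leaves; and Brian's point that 7-character passwords on LM-hashing systems are weak while 16+ character passphrases are not. The Python below is an added example written for this page, not code posted by any of the participants. The hostnames are constructed, and LocalAdminVault is an in-memory stand-in for the ACL'd storage point a computer startup script would read from; the formula_password scheme is a hypothetical example of exactly the pattern Roger says to avoid.

```python
import secrets
import string

# Hostnames constructed for this example (hypothetical, not from the thread).
HOSTS = ["WS-ACCT-01", "WS-ACCT-02", "WS-HR-01", "WS-HR-02"]

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{}:;,.?"
# Brian's 16+ passphrase floor. A Windows password longer than 14 characters
# is also never stored as an LM hash, which removes the 7+7 split attack.
MIN_LENGTH = 16


def has_all_classes(pw: str) -> bool:
    """True when pw has a lower-case letter, an upper-case letter, a digit and a symbol."""
    return (any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def generate_password(length: int = 20) -> str:
    """Random per-machine password from the OS CSPRNG, rejection-sampled for all four classes."""
    if length < MIN_LENGTH:
        raise ValueError(f"length {length} is below the {MIN_LENGTH}-character floor")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(pw):
            return pw


# --- The anti-pattern Roger warns about: a shared base plus a host-derived suffix ---
def formula_password(base: str, host: str) -> str:
    """Hypothetical formula scheme: same base everywhere, last two hostname chars appended."""
    return base + host[-2:]


def recover_others(known_pw: str, known_host: str, hosts) -> dict:
    """Knowing one formula password is knowing them all: strip the suffix, recompute the rest."""
    suffix = known_host[-2:]
    if not known_pw.endswith(suffix):
        raise ValueError("password does not follow the formula")
    base = known_pw[: -len(suffix)]
    return {h: formula_password(base, h) for h in hosts}


class LocalAdminVault:
    """In-memory stand-in for the ACL'd store a computer startup script would read from."""

    def __init__(self, hosts):
        # Each workstation gets its own independent random password.
        self._pw = {h: generate_password() for h in hosts}

    def get(self, host: str) -> str:
        return self._pw[host]

    def all_unique(self) -> bool:
        """No two machines share a password, so one compromise stays one compromise."""
        return len(set(self._pw.values())) == len(self._pw)

    def rotate(self, host: str) -> str:
        """Rotate one machine (e.g. after a local compromise)."""
        self._pw[host] = generate_password()
        return self._pw[host]

    def rotate_all(self) -> int:
        """Rotate every machine (e.g. when a staff member who knew passwords leaves)."""
        old = dict(self._pw)
        for host in list(self._pw):
            self.rotate(host)
        return sum(1 for h in old if old[h] != self._pw[h])


if __name__ == "__main__":
    vault = LocalAdminVault(HOSTS)
    print("all unique:", vault.all_unique())
    leaked = formula_password("Corp2008!", "WS-HR-02")
    print("formula scheme, derived from one leak:", recover_others(leaked, "WS-HR-02", HOSTS))
    print("rotated after staff departure:", vault.rotate_all())
```

The point of the formula half is that the "substitute part" attack Roger describes needs no cracking at all: one leaked password plus knowledge of the naming scheme yields every other machine's password, and two hosts whose names end the same way even share one. The vault half shows the alternative he sketches: independent random passwords per machine, with rotation of one host or of all hosts being a single operation, so a staff departure does not mean touching every workstation by hand.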