Re: compromised machines
From: bob (vxul at yahoo.com)
Date: Mon Aug 30 2004 - 17:18:32 CDT
I suggest downloading MBSA, which can be found at
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
It tests for weak passwords and, among other things, processes that don't need
to be running.
.02
-japboy
----- Original Message -----
From: "Mike Lyman" <mikelyman-security at comcast.net>
To: <incidents at securityfocus.com>
Sent: Friday, August 27, 2004 11:12 PM
Subject: Re: compromised machines
> Scott Weeks wrote:
>>
>> Are you sure they didn't crack the passwords? Do you have 'strong'
>> passwords on the machines?
>
> Don't forget derived/incremented passwords. Users who have passwords
> cracked and then go on to continue to use the series will cause you
> problems. BigDog1, BigDog2, BigDog3, BigDogX is fairly guessable and I
> know from experience they will cause you problems even if they are
> otherwise "strong."
>
> On Windows you can implement a custom passflt.dll that will check for
> these. Look for numbers, replace them with 0-9 and hash and compare with
> the password history. If you have a match, you've got a password
> incrementer.
>
> (Sorry but I didn't code the passflt.dll we used that did that but from
> what I've seen of the documentation on Microsoft's site on passflt.dll, it
> should be repeatable. While you are at it, throw in a small dictionary
> check for common words.)
>
> --
> Mike Lyman, CISSP
> mikelyman-security at comcast.net
>
> "You can't take the sky from me"
>
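The incrementer check Mike describes above (find the digits, try 0-9 in their place, hash each candidate and compare against the password history), together with his suggested small dictionary check, written out as an added example. This is not the passflt.dll he mentions and not code from the list; it is a Python stand-in for the logic a custom filter would run in PasswordFilter(). It assumes the filter keeps its own history store of hashes (here SHA-256 over the UTF-16LE password, an arbitrary choice), and it generalizes the 0-9 rule slightly by also trying each digit run as its numeric neighbours and as removed, so BigDog10 is compared with BigDog9 and BigDog. The sample history and dictionary are constructed for the example.

```python
import hashlib
import re
from itertools import product
from typing import Iterable, List, Set, Tuple

# Constructed sample data (not from the list post): a tiny dictionary of
# words the filter refuses, and a few previously used passwords that the
# filter has hashed into its own history store.
SMALL_DICTIONARY = {"password", "welcome", "summer", "bigdog", "letmein"}
PREVIOUS_PASSWORDS = ["BigDog1", "BigDog2", "BigDog9", "Summer2004!"]

DIGIT_RUN = re.compile(r"\d+")


def pw_hash(password: str) -> str:
    """Hash used for the filter's private history store.

    Assumption: a custom passflt.dll keeps its own history, so any strong
    hash will do; SHA-256 over the UTF-16LE form stands in for whatever the
    real store uses.
    """
    return hashlib.sha256(password.encode("utf-16-le")).hexdigest()


HISTORY_HASHES: Set[str] = {pw_hash(p) for p in PREVIOUS_PASSWORDS}


def digit_variants(password: str) -> Iterable[str]:
    """Yield every password reachable by rewriting each run of digits.

    The post's rule is "replace them with 0-9"; this generalizes it a little:
    each run is also tried as its numeric neighbours (n-1, n+1) and as
    removed entirely, so multi-digit series and the bare base word are caught.
    """
    runs = list(DIGIT_RUN.finditer(password))
    if not runs:
        return
    choices: List[List[str]] = []
    for m in runs:
        n = int(m.group())
        opts = {str(d) for d in range(10)} | {str(n + 1), ""}
        if n > 0:
            opts.add(str(n - 1))
        choices.append(sorted(opts))
    for combo in product(*choices):
        out, last = [], 0
        for m, repl in zip(runs, combo):
            out.append(password[last:m.start()])
            out.append(repl)
            last = m.end()
        out.append(password[last:])
        yield "".join(out)


def is_incremented_reuse(password: str, history: Set[str] = HISTORY_HASHES) -> bool:
    """True if the password, or any digit-rewritten variant of it, hashes to
    a value already in the history store (a "password incrementer")."""
    if pw_hash(password) in history:
        return True
    return any(pw_hash(v) in history for v in digit_variants(password))


def contains_dictionary_word(password: str, words: Set[str] = SMALL_DICTIONARY) -> bool:
    """Small dictionary check: lowercase, drop everything but letters, and
    look for any listed word as a substring (so BigDog2004! still trips)."""
    letters = re.sub(r"[^a-z]", "", password.lower())
    return any(w in letters for w in words)


def password_filter(password: str) -> Tuple[bool, str]:
    """Plays the role of PasswordFilter(): (accepted, reason)."""
    if is_incremented_reuse(password):
        return False, "derived from a previous password"
    if contains_dictionary_word(password):
        return False, "contains a dictionary word"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ["BigDog3", "BigDog10", "Summer2005!", "Welcome2004", "Tr0ub4dor&3"]:
        print(candidate, password_filter(candidate))
```

The variant count is the product of the option counts per digit run (about twelve per run), so a password with three digit runs costs under two thousand hashes; that is cheap enough for a filter that runs once per password change, but a real DLL should cap the number of runs it expands rather than let a pathological input blow up the product.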