OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Loren Aman (lamanhtch.com)
Date: Tue Jun 26 2001 - 23:33:52 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Here's a couple more:

    Password Appraiser - http://www.quakenbush.com/
    Password Defender - http://www.brd.ie/ntsecurity/

    At 01:43 PM 6/22/01 -0400, Wayne Gibson wrote:
    >Password Policy Enforcer runs on the PDC. There is a client-side .dll that
    >brings up a window with the password requirements during the change
    >process but it's optional. Good product.
    >
    >>
    >>-----Original Message-----
    >>From: Bruce K. Marshall [mailto:brucemlucent.com]
    >>Sent: Thursday, June 21, 2001 3:14 PM
    >>To: tschubertjorycapital.com; focus-mssecurityfocus.com
    >>Subject: RE: forcing strong passwords
    >>
    >>
    >>
    >>I personally know of two sources:
    >>
    >>http://ntsecurity.nu/toolbox/strongpass/
    >>
    >>His version of the DLL seems specifically focused on combating the problem
    >>of 7-character LM password hashes. He provides the DLL but not the source
    >>code.
    >>
    >>http://www.mddinc.com/PasswordBouncer/
    >>I believe this product uses a DLL tied into a central policy server for
    >>customizing the strength of passwords in your environment.
    >>
    >>Another option is Password Policy Enforcer:
    >>http://www.tpis.com.au/products/ppe/default.htm
    >>I don't think that PPE uses GINA DLL, but rather requires code to be loaded
    >>on the client. I could be misinterpreting the product info on their Web
    >>site though.
    >>
    >>You can find some additional info and source code for developing your own
    >>GINA at the following link:
    >>http://support.microsoft.com/support/kb/articles/Q151/0/82.asp
    >>
    >>
    >>----
    >>Bruce K. Marshall - brucemlucent.com - 913-338-5090 x114
    >>Lucent Technologies Worldwide Services - Overland Park, KS
    >>
    >>
    >> > -----Original Message-----
    >> > From: Todd Schubert [mailto:tschubertjorycapital.com]
    >> > Sent: Wednesday, June 20, 2001 5:13 PM
    >> > To: focus-mssecurityfocus.com
    >> > Subject: forcing strong passwords
    >> >
    >> >
    >> > The "NSA Windows NT Security Guidelines" discusses DLL's that can be
    >> > installed and will activate each time a password is changed
    >> > to insure that
    >> > it meets minimum standards. I was wondering if anyone has
    >> > written custom
    >> > DLL's or knows of any that could be used to enforce long
    >> > passwords (>8) with
    >> > numbers, letters, and symbols.
    >> >
    >> > I would prefer to write one myself but I have no idea how one
    >> > would go about
    >> > writing a DLL. Any input on this would also be of assistance (tools,
    >> > languages, compilers, do's and don'ts).
    >
    >_________________________________________________________________
    >Get your FREE download of MSN Explorer at http://explorer.msn.com

    Loren Aman
    Network Security Analyst
    Hutchinson Technology, Inc
    320-587-1237
    lamanhtch.com