Educause Security Discussion mailing list archives
Re: Password Cracking & Consequences
From: Eric Pancer <epancer () SECURITY DEPAUL EDU>
Date: Fri, 27 Aug 2004 11:35:00 -0500
Theresa M Rowe wrote on Fri, 2004-08-27 at 12:17:58 -0400...
Yes, that's what I was looking for. Your policy does not explicitly state the password cracking technique, but you have had campus discussion on the policy? For us to create an IT policy here, there's at least 4 rounds of different committee review and approval. We'd have to explicitely state we were going to try to crack passwords, or the policy would not support the action.
Such is the reason your policy should be able to cover things like this for authorized security staff (note, I didn't not say administrative staff, but security staff). We've talked to several people in our organization over the past few years that are more than happy to have us doing something to protect them. We've also talked to some that are a bit uneasy with us putting taps in place, etc., but they understand *why* a security group would do such a thing, and developing trust within the community is far more key (at least for us) than developing some iron-fisted policy. However, YMMV. -- Eric Pancer :.: Computer Security Response Team :.: DePaul University http://security.depaul.edu/ .:`:.:':.:`:. epancer () security depaul edu pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Password Cracking & Consequences, (continued)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Lucas, Bryan (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Lucas, Bryan (Aug 27)
- Re: Password Cracking & Consequences Justin Azoff (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Christian Wilson (Aug 27)
- Re: Password Cracking & Consequences Theresa M Rowe (Aug 27)
- Re: Password Cracking & Consequences Theresa M Rowe (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Eric Pancer (Aug 27)
- Re: Password Cracking & Consequences Christian Wilson (Aug 27)
- Re: Password Cracking & Consequences Justin Azoff (Aug 27)
- Re: Password Cracking & Consequences Scott Bradner (Aug 27)
- Re: Password Cracking & Consequences Scott Bradner (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Scott Bradner (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
(Thread continues...)