new password idea
Mitch Wright
mitch at hq.af.mil
Fri Apr 26 01:57:13 AEST 1991
/*
* On 25 Apr 91 00:03:23 GMT,
* bennett at mp.cs.niu.edu (Scott Bennett) said:
*
*/
Scott> another useful feature: after a certain number of bad passwords are
Scott> given consecutively for a logonid, the logonid is suspended. No
Scott> further access is allowed for that logonid until [...]
Steve> Yup -- it's a great way to lock out the system administrators when
Steve> you're ready to do some serious monkey business. Or you can lock out
Steve> anyone else you don't like. This is known as a denial-of-service
Steve> attack.
Scott> [...] In our shop, we have taken the view that denial is better than
Scott> unauthorized access because denial of access leaves everything intact,
Scott> whereas that cannot be guaranteed in the case of unauthorized access.
Scott> Lockout of systems programmers has not been a problem.
It can *not* be guaranteed in *either* case. If I manage to break into your
system and lock out everyone but the account I'm using, YOU are being denied
service... not me.
Scott> Even if someone succeeded in doing that to all of the privileged
Scott> logonids that our group uses, we would still have other ways to get
Scott> back in, but those ways all require being in the computer room, which
Scott> is a secured area.
Yeah, so. "rm -rf /" doesn't take much time to do sufficient damage. Not to
even mention that you wouldn't be heading to the computer room until the
intruder is detected. And what about the intruder that is on your system
at 3am?
--
~mitch
_______________________________________________________________________________
mitch at hq.af.mil (Mitch Wright) | The Pentagon, 1B1046 | (703) 695-0262
_______________________________________________________________________________
More information about the Comp.unix.wizards
mailing list