new password idea

Scott Bennett bennett at mp.cs.niu.edu
Thu Apr 25 10:03:23 AEST 1991


In article <14655 at ulysses.att.com> smb at ulysses.att.com (Steven Bellovin) writes:
>In article <1991Apr24.004539.3881 at mp.cs.niu.edu>, bennett at mp.cs.niu.edu (Scott Bennett) writes:
>} 
>}      On some of our non-UNIX systems we use a security package that has
>} another useful feature:  after a certain number of bad passwords are
>} given consecutively for a logonid, the logonid is suspended.  No
>} further access is allowed for that logonid until someone with authority
>} to reactivate it has become involved.  While this in itself offers
>} an avenue for abuse
>
>Yup -- it's a great way to lock out the system administrators when
>you're ready to do some serious monkey business.  Or you can lock out
>anyone else you don't like.  This is known as a denial-of-service
>attack.

     Of course.  One cannot, it would seem, have it both ways.  Therefore,
one must choose the lesser of the evils.  In our shop, we have taken the
view that denial is better than unauthorized access because denial of
access leaves everything intact, whereas that cannot be guaranteed in
the case of unauthorized access.  Lockout of systems programmers has not
been a problem.  Even if someone succeeded in doing that to all of the
privileged logonids that our group uses, we would still have other ways
to get back in, but those ways all require being in the computer room,
which is a secured area.  Also, if anything like that happened around
here, there would probably be immediate involvement of law enforcement
agencies and in the meantime no damage would have been done to data or
programs.


                                  Scott Bennett, Comm. ASMELG, CFIAG
                                  Systems Programming
                                  Northern Illinois University
                                  DeKalb, Illinois 60115
**********************************************************************
* Internet:       bennett at cs.niu.edu                                 *
* BITNET:         A01SJB1 at NIU                                        *
*--------------------------------------------------------------------*
*  "Spent a little time on the mountain, Spent a little time on the  *
*   Hill, The things that went down you don't understand, But I      *
*   think in time you will."  Oakland, 19 Feb. 1991, first time      *
*  since 25 Sept. 1970!!!  Yippee!!!!  Wondering what's NeXT... :-)  *
**********************************************************************
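
Added example, not part of the original post: a small Python model of the lockout rule discussed in this message, showing that a suspended logonid is refused even with the correct password, and flagging suspensions of privileged logonids for follow-up. The threshold of 3, the names `LockoutPolicy` and `replay`, and the logonids are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class LockoutPolicy:
    threshold: int = 3  # assumed; the post only says "a certain number"
    failures: dict = field(default_factory=dict)  # logonid -> consecutive bad passwords
    suspended: set = field(default_factory=set)

    def attempt(self, logonid, password_ok):
        """Return 'granted', 'denied' or 'suspended' for one logon attempt."""
        if logonid in self.suspended:
            # Even the correct password is refused: the denial-of-service cost.
            return "suspended"
        if password_ok:
            self.failures[logonid] = 0  # only consecutive failures count
            return "granted"
        self.failures[logonid] = self.failures.get(logonid, 0) + 1
        if self.failures[logonid] >= self.threshold:
            self.suspended.add(logonid)
            return "suspended"
        return "denied"

    def reactivate(self, logonid, by_authority):
        """Lift a suspension; only someone with authority may do so."""
        if not by_authority or logonid not in self.suspended:
            return False
        self.suspended.discard(logonid)
        self.failures[logonid] = 0
        return True

def replay(events, privileged):
    """Replay (logonid, password_ok) events; return (policy, privileged logonids newly suspended)."""
    policy, alerts = LockoutPolicy(), []
    for logonid, ok in events:
        was_suspended = logonid in policy.suspended
        policy.attempt(logonid, ok)
        if logonid in privileged and not was_suspended and logonid in policy.suspended:
            alerts.append(logonid)
    return policy, alerts

# Constructed sample data (hypothetical logonids, not from the post).
PRIVILEGED = {"sysprog1", "sysprog2"}
EVENTS = ([("alice", False), ("alice", False), ("alice", True), ("alice", False)]
          + [("sysprog1", False)] * 3 + [("sysprog1", True)]
          + [("sysprog2", False)] * 3)

if __name__ == "__main__":
    policy, alerts = replay(EVENTS, PRIVILEGED)
    print("suspended:", sorted(policy.suspended))
    print("privileged lockouts to investigate:", alerts)
    print("all privileged logonids locked out:", PRIVILEGED <= policy.suspended)
```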


