[an error occurred while processing this directive] [an error occurred while processing this directive]
[an error occurred while processing this directive] [an error occurred while processing this directive]
;) Packet-Securitydot com
[an error occurred while processing this directive] [an error occurred while processing this directive]

Papers By Bagarre:

  • Intro to PGP
  • Chris Snell give a good explaination of what Pretty Good Privacy is and how it works.

  • Intro to Pseudo Code
  • A good read on the basics of pseudo code and program management.

  • I'd rather be fragging
  • Bypassing those Linksys boxes, some ACLs and tons of other fun stuff.

  • The Art of Wardialing
  • A lost art? Not worth exploring? I think not.

  • deny, Deny, DENY
  • If you didn't say it could come in, it shouldn't. This will be a discussion on router ACLs and the construction of a DMZ.

  • OPP Other People's Passwords
  • How do you get your users to use good passwords? How important is it?

  • The Enemy Within
  • Do you trust your users? Should you? The internal threat is real and needs to be addressed with written policy, permissions and well planned grouping.

  • Who's Watching Who?
  • The intruder is no doubt looking at your traffic. You should too. How will you know what's not normal if you've never seen your normal traffic on the wire?

      [an error occurred while processing this directive]
    [an error occurred while processing this directive]
    [an error occurred while processing this directive]
    Other People's Passwords
    [an error occurred while processing this directive]
    Loading Document
    If the page does not load, click here.
    [an error occurred while processing this directive] [an error occurred while processing this directive]

    In today's world of online life, everyone knows what a password is. Everybody has them, everybody uses them but few people actually protect them. What good is this type of authentication if youre going to stick it up on your monitor with a post-it-note?

     Passwords are your first (if not, only) line of defense and pretty important in the grand scheme of network security. They allow a person to prove they Are who they say they are. With a password, you can become that person online. So, what should we do to make sure they stay safe? Common thoughts in the security world is, passwords must be at least eight characters, contain upper and lower case letters, at least one number, a special character and be changed every 30 to 60 days. Heh heh. How many people actually follow that? Your hard core folks might but, your users wont and if they did, your help desk will be flooded each month by users who have forgotten what they typed. My question is, do we really need passwords that are so difficult to remember?

    [an error occurred while processing this directive] [an error occurred while processing this directive]

    Cryptology and hash cracking isn't what I'm going to talk about. Not everyone is interested in (or needs to know) exactly what happens when you type in a password and how it's stored or even what it looks like on the wire as you log in. What we do need to know is, with the power of computers today, no password hash is safe. No one actualy 'cracks' a password. You can't. It's a one way, non-reversing type of encryption. what peopel can do, it brute force or dictionary attack your passwords once they collect the encrypted version. (Wich is sent every time you log on) With a Pentium III 800mhz computer and free available software from the 'net, Windows and UNIX passwords can be cracked within 72 or so hours. And that's a very strong password like FT^&sb1}+2! Imagine how quickly Cowboys#1 can be busted with a good dictionary attack! And they both follow the same rules of strong passwords (Caps, Numbers, Special Characters, Over Eight characters). So, what's the point? The point is, strong passwords are not as strong as people like to think. If an intruder gets a hold of a password hash or sniffs them off the wire (The enemy within), it's only a matter of time.

    [an error occurred while processing this directive] [an error occurred while processing this directive]

     Keeping up with other people's passwords is a major headache, not improving your security and costing your company money in man hours. Of all the networks I've seen broken into, no password policy would have made a difference. Your time is better spent on your routers and making sure your public servers are patched and locked down. By all means, keep track of failed/sucessful logons at your servers but, don't kill yourself over it.  Advise your staff to be creative with their passwords and make them things they can remember. This wont stop a dtermined intruder but, it will cut down  on office problems.

    Passwords are like  key locks, they keep honest men honest but do nothing to the thief.

      -Bagarre

    [an error occurred while processing this directive] [an error occurred while processing this directive]

    Loading Document
    If the page does not load, click here.



    Google Packet-Security.com
    [an error occurred while processing this directive]
    [an error occurred while processing this directive]