Computerworld - Passwords are a constant source of problems in my organization. They're irritating, they're obtrusive, they're constantly being forgotten, and they don't even provide a good level of security. Long-term, I'm trying to replace our Windows passwords with smart-card access, but until that happens, we've got to cope with passwords.
Our current problem is at our help desk. When Joe User forgets his password, all he has to do is call the help desk and they'll reset it for him. You have to offer this service - legitimate users are forever forgetting their passwords, and you have to have a way to let them back into the system.
| This Week's Glossary X Window System: A multitasking, windowing graphical user interface program that runs on a Unix host for communicating between X terminal devices and Unix host systems. X terminal: A terminal connected to the X Window System that presents a window-based user interface to the user and allows the user to access multiple applications at the same time. For the more technical reader, here are the details of three security risks that our scanner identified on four of our systems, with information about how to remedy them: • A remote host shouldn't allow trusted access from the scanning machine. This trust may extend to other inappropriate machines as well. Examine the .rhosts file and ensure that it contains a list of only those machines that should be trusted. • Open X Window displays allow an attacker to capture keystrokes and to execute commands remotely. Many users have their X server set to "xhost +," permitting access to the X server by anyone, from anywhere. Either issue an "xhost -" command to deny access to everyone and selectively allow only trusted hosts to connect with xhost + commands, use a cryptographically secure authentication protocol such as xauth, or remove X Window. • The inverse query feature supported on some domain name servers (DNS) shouldn't be used. An attacker can use this feature to obtain a zone transfer. Zone transfers identify every machine registered with your DNS and can be used by attackers to better understand your network. The zone transfer occurs even if you've disabled zone transfers on your server. Configure your DNS to disable inverse queries. |
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
