[Gllug] Router under attack: help/advice needed
Iain M Conochie
iain at shihad.org
Thu Oct 22 11:23:49 UTC 2009
Tethys wrote:
> On Thu, Oct 22, 2009 at 11:10 AM, Iain M Conochie <iain at shihad.org> wrote:
>
>
>> But you forget to mention that password authentication is also
>> susceptible to brute force attacks due to bad passwords. This is the
>> _main_ thing (IMHO) that keys help prevent, as if users are bad at
>> having passphrases they are worse with passwords.
>>
>
> Oh, agreed. But passwords are held on a machine under your control.
> You can run John against them via cron every night and disable any
> accounts with weak passwords. Passphrases are held on a machine that
> (usually) isn't under your control. You can't check to see if they're
> weak (or indeed, present at all).
>
Which is true for internal (corporate) systems, not if you have
customers to deal with :)
TBH, an internal corporate network should be more secure than connecting
over the internet. I know you cannot guarantee this and it is bad security
practice to assume it, but the flexibility it gives you is one trade-off
I am willing to accept. Then again I do not work in network security, I
am but a humble sysadmin.
Cheers
Iain
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug