To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.off-topic.geekOpen lugnet.off-topic.geek in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Off-Topic / Geek / 2865
2864  |  2866
Subject: 
 Re: Security?
Newsgroups: 
 lugnet.off-topic.geek
Date: 
 Tue, 13 Mar 2001 14:55:56 GMT
Viewed: 
 194 times
  
In lugnet.off-topic.geek, Dan Boger writes:
Dave Schuler wrote:

First of all, a lot of systems don't lock out accounts, just because
they are misconfigured, or their admin doesn't realise the danger.

  Sure, but what's the point of disabling my system after my own bogus
attempts?  To date, the only one who's been kept out of my system for that
reason is me!  I mean, why set "3" as the magic number, if external,
high-voulme attacks are the big danger?

because disabling the login (at least for a while) does help defend
against brute force attacks.  and the number 3 isn't magical in any way
- I think a lot of systems have it set for 5, and from what I know, it's
always configurable.  the admin can set it for 20 or something, without
a major loss to security, imo.

  8^)  I'd figured that "3" had no inherent signficance but was just a standard.

if I have a copy of your password file, I can put it on my system and
run an external program - the file itself doesn't lock up, it's the
system that does that.  If I put your file on my system, nothing will
lock it out after 3 tries :)

does this explain anything?

  Yeah--now how do I get into my system?

     Dave!



Message has 1 Reply:
  Re: Security?
 
(...) uhh.... have a valid login and remember it's password? ;) or, get your admin to set the lockout to 30 minutes or so, so at least you don't have to bother him every time your forget :P Dan (24 years ago, 13-Mar-01, to lugnet.off-topic.geek)

Message is in Reply To:
  Re: Security?
 
(...) because disabling the login (at least for a while) does help defend against brute force attacks. and the number 3 isn't magical in any way - I think a lot of systems have it set for 5, and from what I know, it's always configurable. the admin (...) (24 years ago, 13-Mar-01, to lugnet.off-topic.geek)

8 Messages in This Thread:


Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact

This Message and its Replies on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    
Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR