Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!dali.cs.montana.edu!uakari.primate.wisc.edu!sdd.hp.com!cs.utexas.edu!asuvax!ukma!dftsrv!hq!mitch From: mitch@hq.af.mil (Mitch Wright) Newsgroups: comp.unix.wizards Subject: Re: new password idea Message-ID: Date: 25 Apr 91 15:57:13 GMT References: <1991Apr23.182654.22452@odin.corp.sgi.com> <1991Apr24.004539.3881@mp.cs.niu.edu> <14655@ulysses.att.com> <1991Apr25.000323.7702@mp.cs.niu.edu> Sender: mitch@hq.af.mil Organization: Air Force HQ, The Pentagon Lines: 40 In-reply-to: bennett@mp.cs.niu.edu's message of 25 Apr 91 00:03:23 GMT /* * On 25 Apr 91 00:03:23 GMT, * bennett@mp.cs.niu.edu (Scott Bennett) said: * */ Scott> another useful feature: after a certain number of bad passwords are Scott> given consecutively for a logonid, the logonid is suspended. No Scott> further access is allowed for that logonid until [...] Steve> Yup -- it's a great way to lock out the system administrators when Steve> you're ready to do some serious monkey business. Or you can lock out Steve> anyone else you don't like. This is known as a denial-of-service Steve> attack. Scott> [...] In our shop, we have taken the view that denial is better than Scott> unauthorized access because denial of access leaves everything intact, Scott> whereas that cannot be guaranteed in the case of unauthorized access. Scott> Lockout of systems programmers has not been a problem. It can *not* be guaranteed in *either* case. If I manage to break into your system and lock out everyone but the account I'm using, YOU are being denied service... not me. Scott> Even if someone succeeded in doing that to all of the privileged Scott> logonids that our group uses, we would still have other ways to get Scott> back in, but those ways all require being in the computer room, which Scott> is a secured area. Yeah, so. "rm -rf /" doesn't take much time to do sufficient damage. Not to even mention that you wouldn't be heading to the computer room until the intruder is detected. And what about the intruder that is on your system at 3am? -- ~mitch _______________________________________________________________________________ mitch@hq.af.mil (Mitch Wright) | The Pentagon, 1B1046 | (703) 695-0262 _______________________________________________________________________________