I think that we're forgetting that most security breaches are internally based. While we still need to take measures against external attacks, all the measures we're talking about won't stop someone already inside the firewall and the office, if they are determined to get into something and have some ability to do so.
Software management is not a substitute for people management. Rick -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of L. J. Head Sent: Wednesday, January 17, 2007 9:04 AM To: [email protected] Subject: Re: Remedy Vulnerability Or you could enable AREA and pass all of the authentication to an external app that does a better job of locking out brute force attempts -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Lee Phillippi Sent: Wednesday, January 17, 2007 9:58 AM To: [email protected] Subject: Re: Remedy Vulnerability You need 7.0 mid tier and AR server to be secure. Previous versions are a joke. The error message tells you if the account exists and they allow unlimited attempts to hack the password. 7.0 was developed to meet government requirements. You need both 7.0 mid tier and 7.0 AR server. You can't upgrade just one or the other and be secure. ____________________________________________________________________________ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are" ____________________________________________________________________________ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
