Comments below.

On Fri, 11 Jun 1999, Brian Steele wrote:

> Date: Fri, 11 Jun 1999 18:59:10 -0400
> From: Brian Steele <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: RE: Why not NT?
> 
> >This is not a security bug... this is by design... else an attacker could
> >simply go through every account and type in 4 or 6 wrong passwords and you
> >probably wouldn't be able to log on to your NT systems even if you had the
> >right password.
> 
> IMO, this is one thing that I DON'T like about NT.  You're basically
> substituting one security problem for another.  By NOT allowing the
> Administrator account to be locked out, an NT box is open to a brute-force
> password attack against that account.  Of course many admins get around this
> problem by simply disabling the Administrator account and using another
> account for administration tasks.
> 
> VMS tackles this problem quite cleverly, I think.  Not only does it lock out
> accounts (including the SYSTEM account - except if the logon is taking place
> on the operator console), but it will lock out the remote device if many
> invalid login attempts start to originate from that device.

There are many hard problems in computer security, and this is but one of
them.  The solution that you describe here is still "substituting one
security problem for another".  In this case, you would be substituting
local account lockout for denial-of-service against remote hosts.  IP is
not authenticated, so you can't rely on the source IP as a basis for
security decisions.  If you do, you make it very easy for a remote
attacker to prevent anyone of their choosing from accessing your device by
sending spoofed packets.

> 
> Brian Steele
> 
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 


AT&T Wireless Services
IT Security
UNIX Security Operations Specialist

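To make the trade-off argued in the reply above concrete, here is an added example (not part of the thread) that replays a constructed stream of failed logins through two lockout policies, one keyed on the account as NT and VMS do, and one keyed on the remote source device as described for VMS, and then checks whether a legitimate operator login still gets through. The account names, addresses and threshold are assumptions made up for the simulation.

```python
from collections import defaultdict

THRESHOLD = 5  # constructed policy: lock the key after 5 consecutive failures


class LockoutPolicy:
    """Failed-login counter keyed by whatever key_fn extracts from an attempt."""

    def __init__(self, key_fn, threshold=THRESHOLD):
        self.key_fn = key_fn          # maps (account, source_ip) -> lockout key
        self.threshold = threshold
        self.failures = defaultdict(int)
        self.locked = set()

    def attempt(self, account, source_ip, password_ok):
        """Return 'locked', 'success' or 'failed' for one login attempt."""
        key = self.key_fn(account, source_ip)
        if key in self.locked:
            return "locked"           # refused even with the right password
        if password_ok:
            self.failures[key] = 0
            return "success"
        self.failures[key] += 1
        if self.failures[key] >= self.threshold:
            self.locked.add(key)
        return "failed"


def by_account(account, source_ip):
    return account                    # NT/VMS-style per-account lockout


def by_source(account, source_ip):
    return source_ip                  # VMS-style lockout of the remote device


def simulate(key_fn, noise):
    """Replay constructed failed attempts, then one correct operator login from
    the operator's own host; return how that legitimate login fared."""
    policy = LockoutPolicy(key_fn)
    for account, source_ip in noise:
        policy.attempt(account, source_ip, False)
    return policy.attempt("operator", "192.0.2.10", True)


# Constructed noise. GUESSED_ACCOUNT: wrong passwords for the operator account
# from an attacker-held address. FORGED_SOURCE: wrong passwords for any account
# with the IP source forged to the operator's host (IP is unauthenticated).
GUESSED_ACCOUNT = [("operator", "10.0.0.9")] * THRESHOLD
FORGED_SOURCE = [("nobody", "192.0.2.10")] * THRESHOLD
```

Each policy blocks the operator in exactly one of the two cases, which is the "substituting one security problem for another" point: the per-source policy only moves the denial-of-service lever from the account name to an address the attacker can forge.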