Everything said to this point is very good...
> 
> A typical attack vector, however, for 1000+ account sites is a 
> compromised account. You can assume at least 5 per 1000 accounts are 
> compromised or have easily guessable passwords. Those will not heed your 
> policy forms whatever you do. You can mitigate the risk by separating 
> systems and limiting account access. When this is not possible, 
> ProPolice, W^X, StackGhost, etc will come in very handy.
> 

        This is partly poo.  ProPolice, W^X etc, will not help you from a
compromised account. They may help in keeping that compromised account
from escalating privilege, but not from getting in.  If you are
running a public server it is absolutely necessary to make sure your
passwords are not easily guessable. We do this with the "passwordcheck"
program set up in login.conf. (See login.conf(8) for details). Now the
gotcha is that while you need to be effective in what you check, being
too simplistically effective in a password checker will reduce the search
space so much that brute forcing the password becomes easy. (Things like
saying an 8 character password must have 4 numbers in it is really dumb.)

        I've posted my checking script here before. Check the archives.

        -Bob
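Bob's warning that an over-specific composition rule shrinks the search space can be quantified. The following is an added worked example, not code from the thread or from the OpenBSD passwordcheck program; it assumes a 95-character printable-ASCII alphabet with 10 digits and 85 non-digits, and counts how many 8-character passwords survive a given digit-count rule.

```python
from math import comb

# Assumed character-class sizes: 95 printable ASCII characters,
# 10 of which are digits and 85 are not (constructed assumption).
DIGITS = 10
NON_DIGITS = 85


def passwords_with_digit_count(length: int, min_digits: int, max_digits: int) -> int:
    """Count passwords of `length` characters whose number of digits lies
    in [min_digits, max_digits].

    For exactly k digits: choose which k positions hold a digit, fill those
    with any digit and the remaining positions with any non-digit.
    """
    total = 0
    for k in range(min_digits, max_digits + 1):
        total += comb(length, k) * DIGITS**k * NON_DIGITS ** (length - k)
    return total


def unconstrained(length: int) -> int:
    """Search space with no composition rule at all."""
    return (DIGITS + NON_DIGITS) ** length


def shrink_factor(length: int, min_digits: int, max_digits: int) -> float:
    """How many times smaller the attacker's search space becomes once the
    rule tells them which candidates they can skip."""
    return unconstrained(length) / passwords_with_digit_count(length, min_digits, max_digits)


if __name__ == "__main__":
    rules = [("no rule", 0, 8), ("at least 1 digit", 1, 8), ("exactly 4 digits", 4, 4)]
    for name, lo, hi in rules:
        n = passwords_with_digit_count(8, lo, hi)
        print(f"{name:18s} {n:.3e} candidates, {shrink_factor(8, lo, hi):6.1f}x smaller")
```

The "exactly 4 digits" rule from the post leaves roughly 1/180 of the unconstrained 8-character space, which is the reduction a brute-force attacker gains for free.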
