If you're making recommendations to managment consider using the tool Microsoft PowerPoint. Sounds like you have enough info for a short presentation with some charts. Graphs will be easier to digest than technical reports and you can back this with reference to best practice guidance from SANS or other reputable sources.
Jim On 27/11/2009, Francois Lachance <[email protected]> wrote: > I am currently doing a password audit for my employer. I am somewhat > shocked at the success rate Opthcrack liveCD returns with the free > small rainbow table in an AD network that has the complex password GPO > setting turned on - 96% after 5:50hrs > > Now that I have all those juicy passwords, I would like to do some > kind of analysis to make recommendations to management. My first > recommendation will probably be to increase the minimum password > length. > > I have two questions for the list: > 1. What tools can I use to do that analysis? > 2. Is there a way to force better complex password rules than what > Microsoft provides in Windows 2003? > > Thanks! > > -- > Sent from my mobile device > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > -- Sent from my mobile device _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
