
Thursday, April 30, 2009

Locking out users gives attackers a tool for denial of service

Why locking users out of a system completely is a bad idea

Security Strategies Alert


Spotlight Story
Locking out users gives attackers a tool for denial of service

By M. E. Kabay
When I was a lad (OK, when I was a young systems engineer of 30 - which is 30 years ago), I was taught that if a user made several mistakes in entering her password, the system should lock her account until a system operator granted access again. The goal was to stop an attacker from guessing at a user's password without limit.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.

Related News:


Guide to enterprise password management drafted
I hate passwords. I think passwords are a dreadful way of authenticating identity: they cost a lot, they change too often (and so users write them down), the rules for preventing dictionary and brute-force attacks are ...

The new ground zero in Internet warfare
When it comes to critical national infrastructure, the highly distributed and ultra-interconnected U.S. power grid is, hands down, the most vulnerable to cyberattack. On this one point, many cybersecurity experts seem to agree.
Read more:
Internet warfare: Is the focus on the wrong things?
The fog of (cyber) war
Could a cyber blockade happen to the U.S.?
Software: The eternal battlefield in the unending cyberwars

UPDATE: Trend Micro acquiring Third Brigade as part of data-center security strategy
Trend Micro Wednesday announced it's acquiring Third Brigade, an Ottawa, Ontario provider of host-based intrusion-prevention and firewall software, for an undisclosed price.

Where PCI DSS Still Falls Short and How to Improve It
There's no doubt that the mere existence of a uniform policy -- adopted, recommended and even mandated by such firm rivals as American Express, Visa and MasterCard -- is a...

Study: IT Security Certifications Required by More Employers
More companies are requiring IT security certification, according to research released recently by the Computing Technology Industry Association (CompTIA).

Security pushed to provide ROI
Some security professionals argue that because their profession mitigates risk, it should be excluded from the need to return capital. Moreover, some make the case that...

Prevent intrusions: What to look for
In the Buying Tips section of our Product Guide, find 15 questions to ask about IPS before you buy one.


Network World, Inc., 492 Old Connecticut Path, Framingham, MA 01701
Copyright Network World, Inc., 2009
