Who said password cracking is dead?


At a recent conference, I was privy to an insightful session on password cracking. No, not pass-the-hash, pass-the-ticket, token manipulation, or other high-tech techniques. Rather, just simple brute-force hacks, with some twists. It reinforced what I have been teaching for years, which is that our passwords are nearly worthless. Let me explain.

Most organizations allow users to use weak and pathetic passwords. A typical password policy looks like this:

  • Minimum password length: 6 to 10 characters
  • Types of characters in the password: At least 3 of the 4 required (a, A, 1, $)

One would think, since that is the default from Microsoft, that it would be a good recipe for a strong password. Unfortunately, it is not. …

Why should you bother about Firewall Change Management


To secure your IT network, you need an efficient firewall. To make the firewall efficient, you have to tune it properly. But even when you configure the firewall to tune its performance, you have to be cautious. Check the configuration changes at every stage. Look out for conflicts. Audit the users involved. Overlooking any of these will lead to a gaping hole in the firewall, which in turn will leave your network vulnerable.

There are plenty of such stories in the industry. In many companies, a critical configuration change has disrupted business for long hours, followed by further time lost finding out what went wrong. So, the sure-shot way to avoid all these losses a…