QuickSilver: Root Password Rotation as a security measure for Small/Medium Scale LANs by Arjun Venkatraman on 07/09/05

In an academic or small-scale development environment, where development and training take place on a regular basis, it is not always feasible to prevent users from obtaining the administrator-level passwords for individual systems, since they need them to modify configuration to suit individual project needs. This is especially true of academic project development. If, in such a scenario, the administrator password is the same on all the systems, the following threats emerge:

  • a. If the password leaks from one user to several others, malicious or accidental harm could be done to every system that shares it.

  • b. If the passwords are not changed frequently, data which is meant to be confidential may remain accessible to unauthorized users long after a leak.

  • c. Passwords chosen by humans are typically weak, since most users pick passwords that are easy to recover by brute force or a standard dictionary attack.

  • The primary attack pattern in such a situation is social engineering, wherein the attacker takes advantage of a user's lack of knowledge to obtain security-sensitive information about a system.
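One way to address all three threats at once, shown here as an added example and not as QuickSilver's own code: on every rotation generate a fresh random root password for each host (so no two machines share one and a leak from one host does not expose the others), reject weak candidates with a dictionary check and an entropy estimate, and emit the `user:password` lines that `chpasswd` reads on each host. The host names, the tiny stand-in wordlist, the 16-character length and the 80-bit threshold are assumptions chosen for illustration; actually applying the lines (piping them to `chpasswd` over an administrative channel on each host) is outside this snippet.

```python
import math
import secrets
import string

# Character set for generated passwords: letters, digits and a few symbols
# that are safe to pass through chpasswd and most shells without quoting.
SYMBOLS = "!#%+-=_"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
PASSWORD_LENGTH = 16          # assumption: long enough for ~95 bits from this alphabet
MIN_ENTROPY_BITS = 80         # assumption: reject anything below this estimate

# Constructed stand-in for a real cracking wordlist (rockyou, john's password.lst, ...).
SAMPLE_WORDLIST = {"password", "root", "toor", "admin", "letmein", "lab2005"}


def entropy_bits(length, alphabet_size):
    """Guess-space estimate in bits for a password drawn uniformly from alphabet_size symbols."""
    return length * math.log2(alphabet_size)


def generate_password(length=PASSWORD_LENGTH, alphabet=ALPHABET):
    """Uniform random password from the CSPRNG (secrets), never from random.*"""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def is_acceptable(password, wordlist=SAMPLE_WORDLIST, min_bits=MIN_ENTROPY_BITS):
    """Reject dictionary words (case-insensitive, ignoring trailing digits such as
    'Letmein1') and passwords whose estimated guess space is too small."""
    lowered = password.lower()
    if lowered in wordlist or lowered.rstrip(string.digits) in wordlist:
        return False
    # Estimate the alphabet an attacker would have to search from the
    # character classes actually present; this is a rough upper bound on
    # strength, which is why it is paired with the wordlist check above.
    classes = 0
    if any(c.islower() for c in password):
        classes += 26
    if any(c.isupper() for c in password):
        classes += 26
    if any(c.isdigit() for c in password):
        classes += 10
    if any(c in SYMBOLS for c in password):
        classes += len(SYMBOLS)
    return classes > 0 and entropy_bits(len(password), classes) >= min_bits


def rotation_plan(hosts):
    """Return {host: new_root_password}: a fresh, acceptable, host-unique
    password for every host, so a leak from one machine exposes only that one."""
    plan = {}
    for host in hosts:
        while True:
            candidate = generate_password()
            if is_acceptable(candidate) and candidate not in plan.values():
                break
        plan[host] = candidate
    return plan


def chpasswd_line(password, user="root"):
    """The 'user:password' format that `chpasswd` reads on standard input."""
    return f"{user}:{password}"


if __name__ == "__main__":
    # Constructed host list for the lab LAN.
    for host, pw in rotation_plan(["lab-pc01", "lab-pc02", "lab-pc03"]).items():
        print(f"{host}\t{chpasswd_line(pw)}")
```

The plan itself is the sensitive artifact of a rotation: whoever can read it holds root on every host it covers, so it belongs in an access-controlled store, not in a world-readable log or a mail to the lab.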

