But these configurations
cannot check for dictionary words or calculate how much protection is being provided
from brute-force attacks. So the team can use a hacking tool to carry out dictionary
and brute-force attacks on individual passwords to actually test their strength. The other
choice is to go to all employees and ask what their password is, write down the password,
and eyeball it to determine if it is good enough. Not a good alternative.
NOTE A company's security policy should state that this type of password
testing activity is allowed by the security team. Breaking employees' passwords
could be seen as intrusive and wrong if management does not acknowledge
and allow for such activities to take place. Make sure you get permission
before you undertake this type of activity.
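The gap described above, shown as an added example that is not from the original text: a complexity rule of the kind a system setting can enforce accepts passwords that a dictionary check flags, and only the audit estimates the brute-force search space. The policy rule, the small wordlist and the sample passwords are constructed assumptions.

```python
import math
import string

# Constructed sample wordlist; a real audit would load a far larger one.
WORDLIST = {"password", "welcome", "summer", "dragon", "company"}

# Undo common character substitutions before the dictionary lookup.
LEET = str.maketrans("@4031!$5", "aaoeiiss")
NON_LETTERS = string.digits + string.punctuation


def meets_policy(pw, min_len=8):
    """Assumed complexity rule: minimum length plus all four character classes."""
    return (len(pw) >= min_len
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def dictionary_based(pw):
    """True if the password is a wordlist entry once padding and substitutions are undone."""
    core = pw.strip(NON_LETTERS).lower().translate(LEET)
    return core in WORDLIST


def brute_force_bits(pw):
    """Upper bound on exhaustive-search cost in bits, from length and classes used."""
    pool = 0
    pool += 26 if any(c.islower() for c in pw) else 0
    pool += 26 if any(c.isupper() for c in pw) else 0
    pool += 10 if any(c.isdigit() for c in pw) else 0
    pool += len(string.punctuation) if any(c in string.punctuation for c in pw) else 0
    return len(pw) * math.log2(pool) if pool else 0.0


def audit(pw):
    """Combine the policy check with the two checks a policy setting cannot perform."""
    return {"policy_ok": meets_policy(pw),
            "dictionary_based": dictionary_based(pw),
            "bits": round(brute_force_bits(pw), 1)}


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for sample in ("Password1!", "P@ssw0rd2024", "kT9#vq2LxW!e"):
        print(sample, audit(sample))
```

The bit count is a ceiling that applies only to exhaustive search; a password flagged as dictionary-based falls to a wordlist attack long before that ceiling matters.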
The same security staff need to make sure that their firewall and router configurations
will actually provide the protection level that the company requires. They could read the
manuals, make the configuration changes, implement ACLs (access control lists), and
then go and get some coffee. Or they could implement the configurations and then run
tests against these settings to see if they are allowing malicious traffic into what they
thought had controlled access.