
All Hail the Lowly Password

A recent Computerworld article by Todd Weiss reinforces a basic fact: weak passwords make life easy for hackers. He also mentions something that is less obvious to many administrators: the number of password attempts that are made on their servers.

Unless you monitor what is going on on your computers, you could be living in blissful ignorance.

Almost every machine that accepts connections is challenged many times each day, and although there are many things you can do to protect your machines, the lowly password is an effective line of defense.

The author’s suggestion of an eight-character password using random letters, numbers and special characters is borne out by our own experience cracking passwords in our forensics lab. Dictionary, slightly modified dictionary, and shorter passwords are routinely cracked in minutes. Since technology advances quickly, we routinely use several more characters on our own servers.

Defense in depth is the best approach in protecting your machines. But as you pursue sophisticated defenses, don’t ignore the lowly password. Establish and enforce a password policy.
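One way to enforce such a policy at password-change time is sketched below as an added example (not code from the article or from our lab). It rejects passwords that are short, that lack letters, numbers or special characters, or that are a dictionary word with padding or character substitutions. The wordlist, the substitution table and the function names are assumptions made for illustration.

```python
import re
import string

# Constructed sample wordlist; a real policy would load a large dictionary.
WORDLIST = {"password", "welcome", "dragon", "monkey", "letmein", "admin"}

# Common substitutions undone before the lookup ("P@ssw0rd" -> "password").
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 8  # the post's figure; raise it to add margin

REQUIRED = {  # character classes named in the post
    "letter": string.ascii_letters,
    "digit": string.digits,
    "special character": string.punctuation,
}


def dictionary_core(password):
    """Return the wordlist entry the password is built on, or None."""
    lowered = password.lower()
    # Drop digits and symbols padded onto either end ("Dragon2007!").
    trimmed = lowered.strip(string.digits + string.punctuation)
    for form in (lowered, trimmed):
        for candidate in (form, form.translate(LEET)):
            letters = re.sub(r"[^a-z]", "", candidate)
            if letters in WORDLIST:
                return letters
    return None


def policy_violations(password):
    """Return a list of reasons the password fails; empty means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    for name, chars in REQUIRED.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    core = dictionary_core(password)
    if core:
        problems.append(f"dictionary word: {core}")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("Dragon2007!", "P@ssw0rd1", "m0nk3y!!", "abcdefgh", "t#9Lq!v2Xz"):
        print(f"{pw!r}: {policy_violations(pw) or 'ok'}")
```

Passwords such as "P@ssw0rd1" meet the length and character-class rules and fail only the dictionary check, which is why the policy needs more than a length and complexity test.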


About

This page contains a single entry from the blog posted on February 7, 2007 10:43 AM.
