"...with the newer switches, a packet sniffer only catches broadcast traffic by default. They'd have to be able to hack into the switch itself and mak...."

Passive sniffers YES, active NO, and without hacking into the switch. There are publicly available sniffers like that.

DavidF

________________________________
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
Sent: Monday, June 27, 2005 3:18 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: is the latest ISA2000 security update a dud?

http://www.ISAserver.org

That's quite possible, but not that simple. On an internal network, with the newer switches, a packet sniffer only catches broadcast traffic by default. They'd have to be able to hack into the switch itself and make the port they're plugged into a monitor port (where it gets ALL traffic) in order to capture that kind of traffic. Again, not saying it can't be done; there are several ways it "could" be done. But the average person that is going to be causing problems (saw a report that 86% of malicious hacking is done by disgruntled employees) isn't going to be able to figure out how to do it very easily.

Of course, what you're describing is using someone else's network, so anything goes. Also, in public access locations like airports and such, you're far more likely to encounter a serious hacker.

If we had information here that was really worth anything, I'd consider a password policy like that also. As it stands right now, only the people with administrative privileges have a harsher password policy. The rest are still having a really hard time with a five-letter minimum and not being able to use the same password twice in a row. However, they discovered that if they keep switching back and forth between two passwords it would work, so I might have to change it.
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Monday, June 27, 2005 08:34
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: is the latest ISA2000 security update a dud?

Hi Dan,

From what I understand (which could be wrong), they could capture the password hash over the wire, and run it against a Rainbow crack. That's why I've upgraded our password policy to 24+ characters, since we use secure Exchange RPC to connect from places like airports and such.

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP
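A small check of the password-history gap Dan describes (users alternating between two passwords under a "not the same password twice in a row" rule), added here as an example and not part of this thread or of ISA Server: a history depth of 1 accepts the alternation, a deeper history rejects it, and the stored history is salted so a captured copy cannot be matched against precomputed tables. The class and function names are my own.

```python
"""Constructed password-history check (not from the original thread).

History depth 1 ("not the same password twice in a row") is what lets a
user flip between two passwords; a deeper history closes that gap.
Real directory policies pair history depth with a minimum password age
so the history cannot be flushed by rapid changes; that is out of scope here.
"""
import hashlib
import os
from collections import deque


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash: a stolen history cannot be looked up in a
    # precomputed (rainbow) table. Iterations kept modest for the demo.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class PasswordHistory:
    """Rejects a change if the candidate is below the minimum length or
    matches any of the last `depth` passwords."""

    def __init__(self, depth: int, min_length: int = 5):
        self.min_length = min_length
        # Oldest entries fall off automatically once `depth` is reached.
        self.history = deque(maxlen=depth)  # entries: (salt, hash)

    def _seen(self, password: str) -> bool:
        return any(hash_password(password, salt) == h
                   for salt, h in self.history)

    def change(self, password: str) -> bool:
        if len(password) < self.min_length or self._seen(password):
            return False
        salt = os.urandom(16)
        self.history.append((salt, hash_password(password, salt)))
        return True


def alternate(depth: int, cycles: int = 3) -> list:
    """Simulate a user flipping between two constructed passwords.
    Returns True/False per attempt (accepted / rejected)."""
    policy = PasswordHistory(depth)
    pair = ["Summer", "Winter"]  # constructed sample passwords
    return [policy.change(pair[i % 2]) for i in range(cycles * 2)]


if __name__ == "__main__":
    print("depth 1 :", alternate(1))   # every flip accepted
    print("depth 24:", alternate(24))  # only the first two accepted
```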