RE: is the latest ISA2000 security update a dud?
- From: "David Farinic" <davidf@xxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 27 Jun 2005 15:21:54 +0200
"...with the newer switches, a packet sniffer only catches broadcast
traffic by default. They'd have to be able to hack into the switch
itself and mak...."
Passive sniffers YES active NO- and without hacking into switch. There
are publicly available sniffers like that.
DavidF
________________________________
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
Sent: Monday, June 27, 2005 3:18 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: is the latest ISA2000 security update a dud?
http://www.ISAserver.org
That's quite possible, but not that simple. On an internal network,
with the newer switches, a packet sniffer only catches broadcast traffic
by default. They'd have to be able to hack into the switch itself and
make the port they're plugged into a monitor port (where it gets ALL
traffic) in order to capture that kind of traffic.
Again, not saying it can't be done, they are several ways it "could" be
done. But the average person that is going to be causing problems (saw
a report that 86% of malicious hacking is done by disgruntled employees)
isn't going to be able to figure out how to do it very easily.
Of course, what you're describing is using someone else's network, so
anything goes. Also, in public access locations like airports and such,
you're far more likely to encounter a serious hacker. If we had
information here that was really worth anything, I'd consider a password
policy like that also. As it stands right now, only the people with
administrative privileges have a harsher password policy. The rest are
still having a really hard time with a five-letter minimum and not being
able to use the same password twice in a row. However, they discovered
that if they keep switching back and forth between two passwords it
would work, so I might have to change it.
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Monday, June 27, 2005 08:34
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: is the latest ISA2000 security update a dud?
http://www.ISAserver.org
Hi Dan,
From what I understand (which could be wrong), they could capture the
password hash over the wire, and run it against a Rainbow crack. That's
why I've upgraded our password policy to 24+ characters, since we use
secure Exchange RPC to connect from places like airports and such.
Tom
<http://www.isaserver.org/shinder> www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
<http://tinyurl.com/3xqb7> http://tinyurl.com/3xqb7
MVP
This mail was checked for viruses by GFI MailSecurity.
GFI also develops anti-spam software (GFI MailEssentials), a fax server (GFI
FAXmaker), and network security and management software (GFI LANguard) -
www.gfi.com
Other related posts:
