Password Cracking Procedure

by Posted in 2. IT Security (資訊保安), 2.2 IT Security Operation (保安操作) Tagged

1      Introduction

1.1    Overview

Passwords are used in almost every interaction between users and information systems. Most forms of user authentication, as well as file and data protection, rely on user-supplied passwords. Since properly authenticated access is often not logged, or even if logged not likely to arouse suspicion, a compromised password is an opportunity to explore a system from the inside virtually undetected. As attacker would have complete access to any resources available to that user, and would be significantly closer to being able to access other accounts, nearby machines, and perhaps even administrative privileges. Despite this threat, accounts with bad or empty passwords remain extremely common and organizations with good password policy far too rare. The most common password vulnerabilities are that (a) user accounts have weak or non-existing passwords, (b) regardless of the strength of their passwords, users fail to protect it, and (c) the operating system or additional software creates administrative accounts with weak or non-existing passwords. Read More

Oracle Password Management Policy

by Posted in 2. IT Security (資訊保安), 2.2 IT Security Operation (保安操作) Tagged ,

1        Introduction

1.1        Purpose

Company guidelines for managing passwords define the password security policy. In so doing, all personnel are responsible for maintaining good password practices in their systems.

The purpose of this document is to describe how the password management policy can be introduced and maintained in an Oracle database environment. Read More