Password Security in Your Organization
There are several things you can do to improve password security in your
organization, in no particular order:
- Use a strong Administrator password, and do not share it.
- Establish a password policy for organization members.
- Use a password filter to create or screen user passwords.
- Perform regular audits using L0phtCrack 6 to test the passwords in use.
- Restrict permissions on your Windows SAM and Unix password files.
- Enable auditing on password registry keys. See this article on NTBugtraq for details on the above recommendations.
- Enable NTLM 2 Authentication if feasible. This requires upgrading all Windows 95/98 and Windows NT 4.0 computers on your network. Unfortunately, because of the cost of implementing the patch, the most cost-effective form of security often continues to be an organizational password policy combined with the routine use of L0phtCrack 6 password auditing.
- Restrict physical access to machines (particularly domain controllers).
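The NTLM 2 item above turns on a single LSA setting, LmCompatibilityLevel. The script below is an added example (not part of this page or of L0phtCrack) that audits the current level on a supported Windows host and, with -Enforce, raises it to the NTLMv2-only level; it assumes an elevated PowerShell session and the standard LSA registry path.

```powershell
# Added example: audit (and optionally raise) the LAN Manager authentication level.
# Assumes an elevated PowerShell on a supported Windows host; the key and value
# name below are the standard LSA ones and are not part of L0phtCrack.
param([switch]$Enforce)

$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$levels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM, use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only, refuse LM'
    5 = 'Send NTLMv2 response only, refuse LM and NTLM'
}

# A missing value means the OS default applies (3 on Windows Vista / Server 2008 and later).
$current = (Get-ItemProperty -Path $lsaKey -Name LmCompatibilityLevel -ErrorAction SilentlyContinue).LmCompatibilityLevel
if ($null -eq $current) {
    $current = 3
    $source  = 'OS default (value not set)'
} else {
    $source  = 'registry'
}
Write-Host ('LmCompatibilityLevel = {0} [{1}]: {2}' -f $current, $source, $levels[[int]$current])

if ($current -lt 3) {
    # Levels 0-2 still emit LM or NTLMv1 responses, the hashes a password audit recovers fastest.
    Write-Warning 'Hosts at this level still send LM/NTLMv1 responses; plan the client upgrade before enforcing.'
}

if ($Enforce -and $current -lt 5) {
    # Level 5 refuses LM and NTLMv1 entirely. Set it only once every client on the
    # network can negotiate NTLMv2, as the list item cautions; new logon sessions pick it up.
    Set-ItemProperty -Path $lsaKey -Name LmCompatibilityLevel -Value 5 -Type DWord
    Write-Host 'LmCompatibilityLevel set to 5 (NTLMv2 only).'
}
```

Run it without -Enforce first across the fleet to find machines that would break, then enforce once the older clients named above are gone.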