Security Myths

Last week Bruce Schneier and others blogged about the Security Myths and Passwords paper written by Professor Eugene H. Spafford concerning the best practices or “rules of thumb” that many people accept without careful consideration, particularly policies requiring regular password changes (e.g., monthly). As someone developing a password policy requiring regular password changes, in my case 90 days, I understand his logic but also disagree to some degree. Until we can move folks to using, and also requiring, long passwords as a norm, requiring periodic password changes, not 30 days mind you, will still be necessary.

Recently Jesper Johansson posted a blog entry concerning a paper he and Steve Riley wrote titled “Deconstructing Common Security Myths”, which is included in the May/June issue of TechNet Magazine. The paper is a good read and has a section on complex passwords vs. long passwords. The myths he covers are:

It's Always Better to Wait for an Official Solution to a Problem

You Should Wait Before Deploying an OS or Service Pack

Password Cracking is a Valid Way to Ensure that We Have Strong Passwords.

Passwords Must Be Complex to Be Strong.

You Can Always Roll Back Configuration Errors with Setup security.inf

NTLM Is Bad, and you Should Disable It.

Don't Allow User Names to Display Because They Leak Half the Secret You Need to Log On.

Let's Block Bad Stuff.

Security Controls Are Better When Centralized.

I've Updated. I've got Antimalware. I've got a Firewall. I'm safe.

Host-Based Firewalls Must Filter Outbound Traffic to be Safe.

 


Steve Mullen has been involved in information technology for over 35 years. He is also actively involved in the music program (voice and English hand bells) and Vestry of St. Anne’s Episcopal Church in Damascus, MD.

Posted in Blog, IT Management, Security, Technology
