8.2. Good Authentication Required

By now, the need for good authentication should be obvious. A service that passes logon information as clear text is far too easy to monitor. Easily snooped logons can be an even larger problem in environments that do not require frequent password changes, which gives our attacker plenty of time to launch an attack using the compromised account. Also of concern is that most users try to maintain the same logon name and password for all accounts. Thus, if an attacker can capture the authentication credentials from an insecure service (such as POP3), they might now have a valid logon name and passwords to other systems on the network, such as NT and NetWare servers.

Good authentication goes beyond validating the ...

Get Mastering™ Network Security, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.