8.2. Good Authentication Required
By now, the need for good authentication should be obvious. A service that passes logon information as clear text is far too easy to monitor. Easily snooped logons can be an even larger problem in environments that do not require frequent password changes, which gives our attacker plenty of time to launch an attack using the compromised account. Also of concern is that most users try to maintain the same logon name and password for all accounts. Thus, if an attacker can capture the authentication credentials from an insecure service (such as POP3), they might now have a valid logon name and passwords to other systems on the network, such as NT and NetWare servers.
Good authentication goes beyond validating the ...
Get Mastering™ Network Security, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
