Password Basics

Passwords are the basis of most security schemes, including the one built into Windows Server 2003. Client computers use passwords (through their computer accounts) to log on to a domain, and users use them to log on to a domain or to a computer's local user accounts.

In a default Windows Server 2003 environment, passwords are the keys to the entire kingdom. The only thing separating an unauthorized intruder from a domain administrator is that the domain administrator knows the password to a powerful user account. For that reason, it's important that you implement procedures and policies that require strong passwords from your users.

What’s a Strong Password?

Strong passwords are passwords that are difficult for intruders to guess or to reproduce. So, before you can accurately define "strong," you need to understand the techniques an intruder might use to compromise a password.

As I mentioned earlier in this chapter, Windows Server 2003 stores passwords after running them through a one-way hash. That means an attacker cannot reverse the hash to recover the clear-text password, even if she somehow comes into possession of the stored hash. What she can do, knowing the hash algorithm (which she will; it is public), is run candidate passwords through the same algorithm until one produces a hash that matches the stored value. At that point she knows the clear-text password. Note that this work happens entirely on the attacker's own machine, against her copy of the hash: no account lockout or audit log on your servers will see or slow it, so the only thing standing between her and the password is the number of candidates she has to try. The most common form of this attack is called a ...
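The attack described above, as an added example that is not code from the book. It implements the NT hash (an unsalted MD4 over the UTF-16LE encoding of the password; a fact about Windows that this page does not state) and then runs a small wordlist against a set of stolen hashes, followed by an exhaustive search over a short keyspace. The account names, their hashes and the wordlist are constructed for illustration, and the function names (nt_hash, dictionary_attack, brute_force) are mine. MD4 is implemented in pure Python because hashlib's MD4 is unavailable on systems with OpenSSL 3 unless the legacy provider is loaded.

```python
import itertools
import struct
from typing import Dict, Iterable, List, Optional

MASK32 = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK32


def md4(data: bytes) -> bytes:
    """MD4 digest (RFC 1320), in pure Python so it runs without OpenSSL's legacy provider."""
    # Pad: one 0x80 byte, zeros up to 56 bytes mod 64, then the message bit length as 64 bits little-endian.
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)

    def f(x, y, z): return (x & y) | (~x & z)
    def g(x, y, z): return (x & y) | (x & z) | (y & z)
    def h(x, y, z): return x ^ y ^ z

    # Per round: boolean function, order of message words, per-step left shifts, additive constant.
    rounds = (
        (f, list(range(16)), (3, 7, 11, 19), 0x00000000),
        (g, [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13), 0x5A827999),
        (h, [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15), 0x6ED9EBA1),
    )

    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for fn, order, shifts, k in rounds:
            for i, w in enumerate(order):
                a = _rotl((a + fn(b, c, d) + x[w] + k) & MASK32, shifts[i % 4])
                a, b, c, d = d, a, b, c  # rotate registers so the next step updates d, then c, then b
        state = [(s + v) & MASK32 for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """Windows NT hash: MD4 of the UTF-16LE password, with no per-account salt."""
    return md4(password.encode("utf-16le")).hex()


def dictionary_attack(stolen: Dict[str, str], wordlist: Iterable[str]) -> Dict[str, Optional[str]]:
    """Hash each candidate once and compare it with every stolen hash.

    Because the NT hash is unsalted, one MD4 computation per candidate tests all
    accounts at the same time, and accounts that share a password fall together.
    """
    by_hash: Dict[str, List[str]] = {}
    for user, digest in stolen.items():
        by_hash.setdefault(digest.lower(), []).append(user)
    found: Dict[str, Optional[str]] = {user: None for user in stolen}
    for candidate in wordlist:
        for user in by_hash.get(nt_hash(candidate), []):
            found[user] = candidate
    return found


def brute_force(target: str, alphabet: str, max_len: int) -> Optional[str]:
    """Exhaustive search over every string of length 1..max_len drawn from alphabet."""
    target = target.lower()
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            if nt_hash(candidate) == target:
                return candidate
    return None


# Constructed sample data: a SAM-style dump of three made-up accounts and a tiny wordlist.
STOLEN_HASHES = {
    "alice":      nt_hash("password"),      # 8846f7eaee8fb117ad06bdd830b7586c
    "svc_backup": nt_hash(""),              # blank password: 31d6cfe0d16ae931b73c59d7e0c089c0
    "bob":        nt_hash("corrected-horse-battery-staple-42!"),
}
WORDLIST = ["123456", "letmein", "qwerty", "password", "Password1", "", "welcome"]


def demo() -> Dict[str, Optional[str]]:
    """Run the constructed wordlist against the constructed hash dump."""
    return dictionary_attack(STOLEN_HASHES, WORDLIST)


if __name__ == "__main__":
    for user, pw in demo().items():
        print(f"{user:12} {'not in wordlist' if pw is None else repr(pw)}")
    # Any password of one to three lowercase letters falls to at most 26 + 676 + 17,576 hashes.
    print("brute force:", brute_force(nt_hash("zq"), "abcdefghijklmnopqrstuvwxyz", 3))
```

Two things to take from running it: alice and svc_backup are recovered after seven hash computations in total, not seven per account, while bob's long password is simply not in the list and would need a search over a keyspace far too large to enumerate. Length and character set are what make the exhaustive search infeasible, which is the property a password policy has to enforce.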
