Tom

Since I don't look after the LAN, I don't get to decide. My feeling is that
it probably doesn't matter - anyone sufficiently skilled and willing to
compromise a desktop PC is probably a lot of the way towards compromising a
server on the LAN. There is a fair likelihood that the network password -
even if it WAS different - is stored in a password list or cache somewhere
on the PC.

I suspect the easiest way for me to enforce a difference between the AS/400
user naming conventions and the LAN would be to publish my standards ;)
sometimes it seems like they go out of their way to do things differently...

I can't think of a way offhand to enforce such a thing, but for the same
reason I try to ensure that FTP passwords out there in the wild are boxed
into a staging area only on any AS/400 I administer AND that it has no
other log in rights or capability, I really dislike the idea that I am
subjected to the lack of basic disciplines I see in so many PC
administrators. I may be stereotyping here, and to all the people I've
just upset, I apologise in advance.

While there have been many statements regarding the lack of security
surrounding the various Windows OSes, there have been a fair number also
pointing out that many of the holes that can be exploited have fixes
available, it's just that in many cases they are not applied.

I could add some war stories about backup regimes/strategies I have seen
<g> but I am sure you get my drift.

I guess the one thing I do like is that if the AS/400 was the primary
authentication point (presuming EIM takes off) then I could rest assured
that if someone was authenticated they didn't get there by some chicanery.
Unfortunately, it seems to me that it is unlikely to enjoy widespread
installation until it is on a platform that people are likely to see as
leading edge....

But that's another story :)

Regards
Evan Harris

>Evan:
>
>For the sake of this thread, do you also prefer having your users
>have different passwords between their desktop systems and any
>Windows NT (or Win2K or whatever) servers on your LAN? I realize
>the question is contentious, but the concept is worth discussion
>IMO. Further, how would you enforce a difference?
>
>Tom Liotta
>
>On Sun, 30 June 2002, Evan Harris <spanner@ihug.co.nz> wrote
>
> > the idea of having all the user passwords the same gives me nightmares. I
> > make a point of not using my Windows password(s) on my AS/400 profile(s).
> > Passwords in Windows are about as secure as writing them on a note above
> > your desk from some of the things I have read. Tools to extract passwords
> > from Windows boxes are readily available on the net.
> >
> > Your password security is as strong as the weakest place a password is
> > retrievable from. This is the one thing I wonder about with the whole EIM
> > idea - will this just make it easier to steal passwords?
> >
> > When that message pops up "do you want me to remember your password" how
> > many of your users would say no?
> >
> > I prefer to use guest access for the shared drives - it makes a lot more
> > sense to me.



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
