> -----Original Message-----
> From: fala83 (at) libero (dot) it [email concealed] [mailto:fala83 (at) libero (dot) it [email concealed]]
> Sent: Saturday, August 30, 2003 1:50 AM
> To: focus-ms; todd
> Subject: Re: focus-ms (at) securityfocus (dot) com [email concealed]
>
>
> In my opinion a system wouldn'n cache password locally.
> E.g. Sysadmin logs in into a workstation and password will be
> stored locally. An
> attacker could retrieve his password and login into the whole network whit
> administrative privileges. It is not completely safe.
> I'd rather prefer use Kerberos, using his tickets to access
> network resource
> without caching password.
> Anyway if the password must be stored locally, it must be!
>
> >Todd Shubert wrote:
> >
> > What exactly is the "right security policy"? Wouldn't not storing the
> > password provide problems for users, specifically laptop users, that
> > require the use of cached credentials?
>
>
> ------------------------------------------------------------------
> ---------
> KaVaDo provides the first and only integrated Web application scanner and
> firewall security suite that prevent Web applications attacks, the most
> common form of online exploitation. Download a FREE whitepaper on
> Security Policy Automation for Web Applications.
> http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
> ------------------------------------------------------------------
> ---------
>
>
------------------------------------------------------------------------
---
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
------------------------------------------------------------------------
---
you are a sysadmin.
http://support.microsoft.com/default.aspx?scid=kb;en-us;172931
zm
> -----Original Message-----
> From: fala83 (at) libero (dot) it [email concealed] [mailto:fala83 (at) libero (dot) it [email concealed]]
> Sent: Saturday, August 30, 2003 1:50 AM
> To: focus-ms; todd
> Subject: Re: focus-ms (at) securityfocus (dot) com [email concealed]
>
>
> In my opinion a system wouldn'n cache password locally.
> E.g. Sysadmin logs in into a workstation and password will be
> stored locally. An
> attacker could retrieve his password and login into the whole network whit
> administrative privileges. It is not completely safe.
> I'd rather prefer use Kerberos, using his tickets to access
> network resource
> without caching password.
> Anyway if the password must be stored locally, it must be!
>
> >Todd Shubert wrote:
> >
> > What exactly is the "right security policy"? Wouldn't not storing the
> > password provide problems for users, specifically laptop users, that
> > require the use of cached credentials?
>
>
> ------------------------------------------------------------------
> ---------
> KaVaDo provides the first and only integrated Web application scanner and
> firewall security suite that prevent Web applications attacks, the most
> common form of online exploitation. Download a FREE whitepaper on
> Security Policy Automation for Web Applications.
> http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
> ------------------------------------------------------------------
> ---------
>
>
------------------------------------------------------------------------
---
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
------------------------------------------------------------------------
---
[ reply ]