In this second post dedicated to System Administrators who have to deal with a Risk Assessment, Security Assessment, Due Diligence or Compliance Questionnaire: if you missed the first one, you can read it here.
This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
Passwords that contain only alphanumeric characters are extremely easy to discover with several publicly available tools. Configure the "Passwords must meet complexity requirements" policy setting to Enabled and advise users to use a variety of character types in their passwords. Combined with a "Minimum password length" of 8, this setting makes the number of possible passwords large enough that a brute-force attack is difficult, though not impossible.
If the "Minimum password length" policy setting is increased, the average time needed for a successful attack increases as well: every additional character multiplies the number of candidate passwords by the size of the character set, so length is the single most effective lever against exhaustive guessing.
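The two settings discussed above can be read from a host with `secedit /export /cfg <file>`, which writes them into the `[System Access]` section of an INF file (on a domain, `Get-ADDefaultDomainPasswordPolicy` returns the equivalent values). The following is an added example, not code from the original post: it parses a constructed export, reports which of the two settings misses the baseline, and quantifies why complexity and length matter by comparing the search space of alphanumeric-only versus full printable-ASCII passwords. The sample INF text, the hardened value of 14 for the minimum length, and the guessing rate of 1e10 guesses per second are assumptions made for the example.

```python
import re

# Constructed sample: the [System Access] section as produced by
#   secedit /export /cfg C:\audit.inf
# on a hypothetical workstation, trimmed to the lines relevant here.
WEAK_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 0
PasswordHistorySize = 24
LockoutBadCount = 0
"""

# The same export with the countermeasure applied (constructed; 14 is an assumed stricter baseline).
HARDENED_INF = (
    WEAK_INF.replace("MinimumPasswordLength = 7", "MinimumPasswordLength = 14")
            .replace("PasswordComplexity = 0", "PasswordComplexity = 1")
)


def parse_system_access(inf_text):
    """Return the key/value pairs of the [System Access] section as a dict.

    Numeric values become int; anything else (quoted names, 'yes') stays a string.
    Keys from other sections are ignored.
    """
    settings, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            in_section = line.lower() == "[system access]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            value = value.strip()
            settings[key.strip()] = int(value) if re.fullmatch(r"-?\d+", value) else value
    return settings


def audit_password_policy(settings, min_length=8):
    """Compare exported settings with the baseline: complexity on, length >= min_length.

    min_length=8 is the floor the post mentions; pass a larger value for stricter baselines.
    Returns a list of human-readable findings (empty when compliant).
    """
    findings = []
    if settings.get("PasswordComplexity") != 1:
        findings.append("PasswordComplexity is not 1: alphanumeric-only passwords are permitted")
    length = settings.get("MinimumPasswordLength", 0)
    if not isinstance(length, int) or length < min_length:
        findings.append(f"MinimumPasswordLength is {length}, below the baseline of {min_length}")
    return findings


def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly `length` characters from an alphabet."""
    return alphabet_size ** length


def exhaustive_search_hours(alphabet_size, length, guesses_per_second):
    """Worst-case hours to try every password of this shape at a given guessing rate.

    The rate is an assumption you supply: offline cracking of a captured hash runs
    many orders of magnitude faster than online guessing against a lockout policy.
    """
    return keyspace(alphabet_size, length) / guesses_per_second / 3600


if __name__ == "__main__":
    for label, inf in (("weak", WEAK_INF), ("hardened", HARDENED_INF)):
        print(label, audit_password_policy(parse_system_access(inf)) or ["no findings"])
    # 62 alphanumerics vs. 95 printable ASCII characters at length 8, then length 14,
    # at an assumed rate of 1e10 guesses per second.
    for alphabet, length in ((62, 8), (95, 8), (95, 14)):
        print(f"{alphabet}^{length}: {exhaustive_search_hours(alphabet, length, 1e10):.1f} h")
```

Feed the parser the real export from the host under assessment; the numbers printed at the end are only as meaningful as the guessing rate you assume, so state that assumption in the report.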
If the default password complexity configuration is retained, additional Help Desk calls for locked-out accounts could occur because users might not be accustomed to passwords that contain non-alphabetical characters, or they might have problems entering passwords that contain accented characters or symbols on keyboards with different layouts.
However, all users should be able to comply with the complexity requirement with minimal difficulty. If your organization has more stringent security requirements, you can create a custom version of the Passfilt.dll password filter that enforces your own rules.
For example, a custom password filter might require the use of non-upper-row symbols. Upper-row symbols are those typed by holding SHIFT and pressing one of the digit keys 1 through 0. A custom password filter might also perform a dictionary check to verify that the proposed password does not contain common dictionary words or fragments of them.
However, such stringent password requirements can result in additional Help Desk requests. Alternatively, your organization could require all administrator passwords to use ALT characters (entered by holding ALT and typing a numeric code on the keypad) from a restricted range of codes.
ALT characters outside of this range can map to standard alphanumeric characters (Alt+0065, for instance, produces a plain "A") and so add no complexity to the password.
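To make the two tiers concrete, here is an added example (not code from the original post, and not Microsoft's Passfilt.dll) that approximates the built-in complexity rules in Python and layers the stricter checks described above on top: no account name or display-name token of three or more characters, at least three of the five character categories, a minimum length, then a symbol that is not on the SHIFT+digit row and a dictionary-fragment check. The SHIFT+digit row assumes a US keyboard layout, and the word list is a constructed stand-in for a real dictionary file.

```python
import re

# SHIFT+digit symbols on a US keyboard layout (assumption; other layouts differ).
UPPER_ROW_SYMBOLS = set("!@#$%^&*()")
DIGITS = set("0123456789")
# Delimiters used to split the display name into tokens before checking.
NAME_DELIMITERS = re.compile(r"[,.\-_ #\t]+")
# Constructed word list standing in for a real dictionary file.
SAMPLE_DICTIONARY = {"password", "welcome", "summer", "letmein", "qwerty"}


def default_complexity_check(password, sam_account_name="", display_name="", min_length=6):
    """Approximation of the built-in 'Passwords must meet complexity requirements' rules.

    Rejects passwords that contain the account name or any display-name token of
    three or more characters (case-insensitive), are shorter than min_length, or
    draw on fewer than three of: uppercase, lowercase, digits, symbols, and
    alphabetic characters with no case (e.g. CJK scripts).
    Returns (ok, reason).
    """
    pw_lower = password.lower()
    if sam_account_name and sam_account_name.lower() in pw_lower:
        return False, "contains the account name"
    for token in NAME_DELIMITERS.split(display_name):
        if len(token) >= 3 and token.lower() in pw_lower:
            return False, f"contains the name token '{token}'"
    if len(password) < min_length:
        return False, f"shorter than {min_length} characters"
    categories = set()
    for ch in password:
        if ch in DIGITS:
            categories.add("digit")
        elif ch.isupper():
            categories.add("upper")
        elif ch.islower():
            categories.add("lower")
        elif ch.isalpha():
            categories.add("other-alphabetic")
        else:
            categories.add("symbol")
    if len(categories) < 3:
        return False, "fewer than three character categories"
    return True, "ok"


def custom_filter_check(password, sam_account_name="", display_name="",
                        dictionary=SAMPLE_DICTIONARY, min_length=8):
    """Stricter rules a custom password filter could enforce on top of the defaults.

    Requires the default checks (with a higher minimum length), at least one symbol
    that is not on the SHIFT+digit row, and no dictionary word anywhere in the password.
    """
    ok, reason = default_complexity_check(password, sam_account_name, display_name, min_length)
    if not ok:
        return False, reason
    symbols = {ch for ch in password if not ch.isalnum()}
    if not (symbols - UPPER_ROW_SYMBOLS):
        return False, "no symbol outside the SHIFT+digit row"
    pw_lower = password.lower()
    for word in sorted(dictionary):
        if word in pw_lower:
            return False, f"contains the dictionary word '{word}'"
    return True, "ok"


if __name__ == "__main__":
    # Constructed test subjects: account jdoe, display name "John Doe".
    for candidate in ("Summer2024!", "John!1234", "summer2024", "Welcome_2024", "Tr0ub4dor;Horse"):
        print(f"{candidate!r:20} default={default_complexity_check(candidate, 'jdoe', 'John Doe')}"
              f"  custom={custom_filter_check(candidate, 'jdoe', 'John Doe')}")
```

Note that "Summer2024!" passes the default rules yet fails the custom filter twice over (its only symbol is on the upper row and it contains a dictionary word); that gap is exactly what a custom filter buys, and also why it generates the extra Help Desk calls mentioned above.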