On 2010-11-29 16:43, Paul Gilmartin wrote:
On Mon, 29 Nov 2010 05:27:56 -0600, John McKown wrote:

What gets me on this is that, in the recent past, some people at work
were wanting an "automatic resume" of any RACF id which got too many
password violations after some interval - like 10 minutes. So try "n"
times, wait "m" minutes, rinse and repeat. Luckily this was killed.

The proposal isn't totally unreasonable in that it multiplies the
time required for a brute force attack by a few orders of magnitude.
I knew a product which imposed an escalating lockout time before
retry for each unsuccessful attempt.

The proposal is *very* reasonable. Such functionality could be very convenient and it's NOT a security breach. Note: YOU CAN SWITCH IT OFF! A choice is good. For those who do not accept such a solution the functionality would be disabled. For others that means saved FTEs. IMHO it's better (safer) than "self service password reset".

Would I switch it on? I wouldn't decide, IT'S NOT MY DOG. ;-)
My dog is to abide by (observe) the rules.

--
Radoslaw Skorupka
Lodz, Poland
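
Added example (not part of the original message or thread): a small Python simulation of the two throttling schemes discussed above, the "n tries, wait m minutes" auto-resume and an escalating lockout. The class and function names, n = 3, the doubling schedule, the one-day cap and the one-second-per-try pace are assumptions; m = 10 minutes comes from the thread. Setting `max_tries=1` with `escalate=True` gives a lock that grows after every single failure.

```python
from dataclasses import dataclass


@dataclass
class LockoutTracker:
    """Per-ID failed-logon throttle: n tries, then a lock that resumes by itself."""
    max_tries: int = 3           # "n" (assumed value)
    base_lock_s: float = 600.0   # "m" = 10 minutes, as in the thread
    escalate: bool = False       # True: double the lock on each successive lockout
    cap_s: float = 86400.0       # ceiling for the escalating lock (assumed)
    failures: int = 0
    lockouts: int = 0
    locked_until: float = 0.0

    def attempt(self, now: float, password_ok: bool) -> str:
        if now < self.locked_until:
            return "locked"      # refused without evaluating the password
        if password_ok:
            self.failures = 0
            self.lockouts = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_tries:
            lock = self.base_lock_s
            if self.escalate:
                lock = min(self.cap_s, self.base_lock_s * 2 ** self.lockouts)
            self.lockouts += 1
            self.failures = 0
            self.locked_until = now + lock
        return "fail"


def seconds_to_exhaust(guesses: int, tracker: LockoutTracker,
                       per_try_s: float = 1.0) -> float:
    """Simulated time until `guesses` wrong passwords have actually been evaluated."""
    now = 0.0
    for _ in range(guesses):
        now = max(now, tracker.locked_until)   # wait out any active lock
        tracker.attempt(now, password_ok=False)
        now += per_try_s
    return now


if __name__ == "__main__":
    for label, t in [("auto-resume", LockoutTracker()),
                     ("escalating ", LockoutTracker(escalate=True))]:
        # 9 wrong guesses take 9 s with no throttle at all
        print(label, seconds_to_exhaust(9, t), "s for 9 wrong guesses")
```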

