Administrator Password Tips from a Master Hacker - He is paid to find security vulnerabilities
Administrator Password Security Tips - from a Master Hacker.

NOTE:  The author of most of these comments is a computer security professional who has asked that his identity not be disclosed.  He is currently employed full-time in a position that requires regular travel around the globe to different locations to attempt to "hack" their computer security.  (The author also wears a white hat, so don't be afraid to follow these tips.)

I have some concerns with the password tips given on the site below ( http://go.techtarget.com/r/1981127/281587 ).

The very first tool that is recommended in that article is PSPasswd, which can be used along with a batch file to automatically change the local administrator password on local and remote machines.

The local administrator password should NEVER be the same as the domain administrator password!

Second, the local administrator password on one machine should not be the same as the password on another.

If this is too much of a management burden, at least ensure that local admin passwords on domain controllers differ significantly.

Ideally, the passwords should all be different. Log them in a binder, and put the binder in a fire-proof safe. Minimize employee access to the safe/vault.  [Only use the local administrator password, when it is absolutely necessary.  In a domain, your domain login will normally be all you will need to administer a machine.]

Why? Because of another tool recommended in the article, one that I never leave home without: Petter Nordahl's NT Password Changer boot disk...

There is a way to use this CD in such a manner that allows local administrator log-in without a password, while at the same time leaving the original password intact. No, I am not kidding; and no, I will not tell anyone how.

Once the local admin password for one machine has been dumped and cracked, I can frequently spread to other machines with the same password.

Surprisingly, I can often spread to the domain controllers in this manner, even if the domain admin password is different. Once I can load my own software on your network, it is not your network anymore!!

If LAN Manager (LM) is enabled, and the password is 14 characters or less, I can crack it in a few hours regardless of the complexity.

You should enable NTLM, DISABLE LM, and require a minimum password length of 15 characters. [Note:  Active Directory will not allow you to set the minimum password length to 15 characters, so set the Active Directory minimum password policy to 14 characters, and make 15 characters a written policy.]

Complexity does not matter as far as cracking is concerned. [In fact a "complex passwords" policy, as it is currently known in the computer world, is counter-productive.  It just makes passwords harder to remember.  Teach people to create long, easy-to-remember (for them) "pass-phrases."  A good example might be "Password is not enough!"  This far exceeds the required 14 characters, is complex (upper and lower case characters, special characters, and spaces), and is easy to remember.  With pass-phrases implemented, you can even relax the requirement to change passwords to once a quarter or twice a year.] With a long password or pass-phrase, even shoulder-surfing becomes difficult. Trust me. ;)

I can already hear the naysayers: "No one can physically get to my boxes!" Trust me, it can be done. If not, what about the angry guy in the next cubicle who is quitting and going to a competitor in three weeks?
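The LM/NTLM and minimum-length recommendations above can be checked on a Windows host with the following audit script. It is an added example, not part of the original post; it assumes an elevated PowerShell session on an English-locale machine, and the domain check runs only when the ActiveDirectory module (RSAT) is installed.

```powershell
# Added audit script (not from the original post). Assumes an elevated PowerShell
# session on an English-locale Windows host; the domain check runs only when the
# ActiveDirectory module (RSAT) is installed.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$findings = @()

# NoLMHash = 1: Windows stops storing the LM hash at the next password change.
$noLm = (Get-ItemProperty -Path $lsa -Name NoLMHash -ErrorAction SilentlyContinue).NoLMHash
if ($noLm -ne 1) {
    $findings += "NoLMHash is '$noLm' (expected 1): LM hashes can still be stored"
}

# LmCompatibilityLevel 3 = send NTLMv2 only; 5 additionally makes DCs refuse LM/NTLMv1.
$lmLevel = (Get-ItemProperty -Path $lsa -Name LmCompatibilityLevel -ErrorAction SilentlyContinue).LmCompatibilityLevel
if ($null -eq $lmLevel -or $lmLevel -lt 3) {
    $findings += "LmCompatibilityLevel is '$lmLevel' (expected 3 or higher): LM/NTLMv1 still in use"
}

# Effective local account policy; 'net accounts' prints 'Minimum password length: N'.
$minLine = (net accounts | Select-String 'Minimum password length').Line
$minLocal = [int]($minLine -replace '\D', '')
if ($minLocal -lt 14) {
    $findings += "Local minimum password length is $minLocal (set 14, make 15 a written policy)"
}

# Domain default password policy, when the AD cmdlets are available.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $pol = Get-ADDefaultDomainPasswordPolicy
    if ($pol.MinPasswordLength -lt 14) {
        $findings += "Domain MinPasswordLength is $($pol.MinPasswordLength) (expected 14)"
    }
}

if ($findings.Count -eq 0) { 'All checked settings match the recommendations above.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Existing accounts keep their stored LM hash until the next password change, so setting NoLMHash must be followed by a forced password reset to take full effect.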
 

Webmaster Will Harper, MCSE, MCT, CCNA 06/28/2009 10:25
