Sunday, June 15, 2008

[THIN] Re: Assistance requested...

Sure they're basic questions - but if I wanted to organise an attack
profile, knowing what your limits were would be a handy thing to know in
reducing down password possibilities and increasing the likelihood of
finding a positive match.

Or, if I wanted to simply ring your users to ask them for their passwords -
knowing the answers to those questions would help me appear as a genuine
support desk caller.

Sounds like sensible advice to me.

-----Original Message-----
From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf
Of Chad Schneider (IT)
Sent: 15 June 2008 01:55
To: thin@freelists.org
Subject: [THIN] Re: Assistance requested...

Not sure I follow?

I am asking some basic questions, trying to compare our fellow healthcare
organizations rules, to be sure we are in check with everyone else. So long
as you are using compliant rules, I see no issue sharing such information.

Chad Schneider
Systems Engineer
ThedaCare IT
920-735-7615
>>> Tim <timothylanderson@gmail.com> 06/13/08 4:31 PM >>>
Sorry Chad

I can't give you that info other than to say they are stringent. Anyone who
does, please don't include your organization name, lest this cause an RPE
(resume producing event) for you.

Cheers

On Fri, Jun 13, 2008 at 3:18 PM, Chad Schneider (IT) <
Chad.M.Schneider@thedacare.org> wrote:

> I have been asked to get information from those in Healthcare IT,
> regarding your network password policies. We have some discussions going
on
> about are we overly compliant, under complaint, what are others doing?
>
> What I am looking for is...
>
> Your network user account (AD) password rules....
> # of characters (min/max)
> Password Age (Min/max)
> Required characters (alpha/numeric/upper/lower/special/etc.)
> Password History
>
> Any assistance in this is greatly appreciated, as I need to put together a
> report of "our peers" for management.
>
> Thanks!
>
>
> Chad Schneider
> Systems Engineer
> ThedaCare IT
> 920-735-7615
>

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
NEW! Follow Thin List on Twitter!
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
HOT! Thinlist MOBILE Feed!
http://thinlist.net/mobile
Thinlist quick pick
http://thinlist.net
************************************************

No comments: