On Fri, Feb 6, 2015 at 5:05 PM, John R Pierce <pierce at hogranch.com> wrote:
> On 2/6/2015 7:19 AM, Always Learning wrote:
>>
>> stronger passwords for SQL
>
>
> the hackers had the database administrator's user account credentials, and
> were coming in through the VPN via said credentials. I doubt stronger
> passwords would have mattered.

Hmmm, maybe a reasonable argument for the crypto-card type VPNs where
the passwords aren't reusable...

-- 
Les Mikesell
lesmikesell at gmail.com
On 2/6/2015 3:24 PM, Les Mikesell wrote:
> Hmmm, maybe a reasonable argument for the crypto-card type VPNs where
> the passwords aren't reusable...

Indeed, my $job uses RSA token-based authentication for the VPN, but
internal host access uses simple username/password.

-- 
john r pierce                                      37N 122W
somewhere on the middle of the left coast
On Fri, 2015-02-06 at 17:24 -0600, Les Mikesell wrote:
> On Fri, Feb 6, 2015 at 5:05 PM, John R Pierce <pierce at hogranch.com> wrote:
>> On 2/6/2015 7:19 AM, Always Learning wrote:
>>>
>>> stronger passwords for SQL
>>
>>
>> the hackers had the database administrator's user account credentials, and
>> were coming in through the VPN via said credentials. I doubt stronger
>> passwords would have mattered.
>
> Hmmm, maybe a reasonable argument for the crypto-card type VPNs where
> the passwords aren't reusable...

Excellent suggestion, especially as the current 'defences' failed. Rather
senseless for some to rely so enthusiastically upon the existing failed
protection.

Definitely +1 for that good and safer idea.

-- 
Regards,

Paul.
England, EU.

Je suis Charlie.
On 02/07/2015 12:48 PM, Always Learning wrote:
> On Fri, 2015-02-06 at 17:24 -0600, Les Mikesell wrote:
>
>> On Fri, Feb 6, 2015 at 5:05 PM, John R Pierce <pierce at hogranch.com> wrote:
>>> On 2/6/2015 7:19 AM, Always Learning wrote:
>>>> stronger passwords for SQL
>>>
>>> the hackers had the database administrator's user account credentials, and
>>> were coming in through the VPN via said credentials. I doubt stronger
>>> passwords would have mattered.
>> Hmmm, maybe a reasonable argument for the crypto-card type VPNs where
>> the passwords aren't reusable...
> Excellent suggestion, especially as the current 'defences' failed. Rather
> senseless for some to rely so enthusiastically upon the existing failed
> protection.
>
> Definitely +1 for that good and safer idea.

Two-factor authentication is really what one needs for all servers
providing secure services, i.e. something you know and something you
possess.

Google does this via a password (known) and a key txt'd to your cell
phone (something you possess). Simple and quite cost effective, as most
folk that work on servers are likely to already have a cell phone, and it
works world wide.

I haven't checked if Google offers an API for this, but sending txt
messages from a server must not be that difficult to achieve. Another
task for my scantly available spare time.
On 02/06/15 18:24, Les Mikesell wrote:
> On Fri, Feb 6, 2015 at 5:05 PM, John R Pierce <pierce at hogranch.com> wrote:
>> On 2/6/2015 7:19 AM, Always Learning wrote:
>>>
>>> stronger passwords for SQL
>>
>>
>> the hackers had the database administrator's user account credentials, and
>> were coming in through the VPN via said credentials. I doubt stronger
>> passwords would have mattered.
>
> Hmmm, maybe a reasonable argument for the crypto-card type VPNs where
> the passwords aren't reusable...
>

Something worth looking at:

https://www.grc.com/sqrl/sqrl.htm

-- 
Mark LaPierre
Registered Linux user No #267004
https://linuxcounter.net/