Secure Your Network NSA-style

farker haiku writes "The NSA has unclassified a pdf on how to secure your network in sixty minutes. All in all, it's an interesting and informative read if you are in the security biz. The article covers a variety of topics such as Buffer Overflows, Intrusion Detection Systems and using Tripwire ASR to ensure the integrity of your network server."

Lots of good stuff there...

[(H)elix1]

A better link is here. Lots of good stuff from these guys. Worth a look.

Re:confused

[CDarklock]

The LAN Manager hash algorithm splits a password of up to 14 characters into two blocks of 7 characters, the second block null-padded to size. The LM hash values for single- and dual-character second blocks are well known, so an eight- or nine-character password on Windows using the LM hash is effectively a seven-character password.

This assumes you have some systems which can ONLY use the LM hash. Systems with later capabilities can be forced NEVER to use LM hashing by simply using a 15-character password or longer, which won't fit in an LM hash even if it is enabled (which it shouldn't be these days, *unless* you have legacy systems that require it).

Re:confused

[Marxist+Hacker+42]

Both Unix and Windows use slightly different one-way hashes for encrypting and storing passwords. These character length recommendations are based on those hash algorithims- and happen to be the number of bytes actually stored. IIRC- and I'm not at all sure that I do- these hash algorithims using one-way mathematics recurse down when they hit their stored character limit- using both the next character and the hash of the first character as input for the second time through the algorithim. Thus a longer password will be more secure- less likely to collide with an entirely different password.

Re:Classified information?

[ralphus]

Yes it was classified. It was classified with the unclassified classification. It was not declassified.