Firewalls: Re: Security aspects of user names (more)

Firewalls
(February 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Security aspects of user names (more)
From:	"Jonathan M. Bresler" <m1jmb00 @ FRB . GOV>
Date:	Fri, 23 Feb 1996 10:46:07 -0500 (EST)
To:	Martin Fredriksson <martin @ msp . se>
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	<Pine . LNX . 3 . 91 . 960222224420 . 180C-100000 @ enterprise . msp . se>

On Fri, 23 Feb 1996, Martin Fredriksson wrote:

> I agree to the basic idea that we should not distribute any information which
> could make it easier for the bad guys, but I also think that REAL security
> cannot depend on obscurity in this case.  If the mail name is the same as the
> user account name, we need to make it very hard to mount an attack based on
> that information (e.g. by disallowing any login attempts, always using strong
> authentication, etc). 

	exactly, dont count on hiding login names providing any 
additional protection.  dont provide any unncessary information that may help
the outsiders.

References:

Security aspects of user names (more)
From: Martin Fredriksson <martin @ msp . se>

Indexed By Date	Previous:	Re: looking for PD FTP client that supports PASV From: dhw @ filoli . com (David Wolfskill)
Indexed By Date	Next:	Re: firewall backup ? From: "Jonathan M. Bresler" <m1jmb00 @ FRB . GOV>
Indexed By Thread	Previous:	Security aspects of user names (more) From: Martin Fredriksson <martin @ msp . se>
Indexed By Thread	Next:	firewall backup ? From: Kim <cgkim @ kotel . co . kr>