>This is not a security bug... this is by design... else an attacker could
>simply go through every account and type in 4 or 6 wrong passwords and you
>probably wouldn't be able to log on to your NT systems even if you had the
>right password.

IMO, this is one thing that I DON'T like about NT.  You're basically
substituting one security problem for another.  By NOT allowing the
Administrator account to be locked out, an NT box is open to a brute-force
password attack against that account.  Of course many admins get around this
problem by simply disabling the Administrator account and using another
account for administration tasks.

VMS tackles this problem quite cleverly, I think.  Not only does it lock out
accounts (including the SYSTEM account - except if the logon is taking place
on the operator console), but it will lock out the remote device if many
invalid login attempts start to originate from that device.

Brian Steele
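
The combination described in the message above (per-account lockout, a console exemption for the privileged account, and lockout of the originating device) is sketched here as an added example. It is not part of the original post and is not VMS code; the class name, thresholds, time window and sample addresses are assumptions.

```python
from collections import defaultdict, deque

CONSOLE = "console"       # assumed label for the local operator console
PRIVILEGED = {"SYSTEM"}   # accounts that stay usable from the console


class LockoutTracker:
    """Sliding-window failed-login counts per account and per source device."""

    def __init__(self, account_limit=5, source_limit=10, window=300):
        self.account_limit = account_limit   # assumed threshold
        self.source_limit = source_limit     # assumed threshold
        self.window = window                 # seconds, assumed
        self.by_account = defaultdict(deque)
        self.by_source = defaultdict(deque)

    def _recent(self, stamps, now):
        # Drop failures older than the window, return how many remain.
        while stamps and now - stamps[0] > self.window:
            stamps.popleft()
        return len(stamps)

    def record_failure(self, account, source, now):
        self.by_account[account].append(now)
        if source != CONSOLE:
            self.by_source[source].append(now)

    def is_blocked(self, account, source, now):
        if source == CONSOLE and account in PRIVILEGED:
            return False  # console exemption: the admin cannot be locked out locally
        if source != CONSOLE and self._recent(self.by_source[source], now) >= self.source_limit:
            return True   # the device is locked out, whatever account it tries next
        return self._recent(self.by_account[account], now) >= self.account_limit


def demo():
    t = LockoutTracker()
    # Constructed sample: one device tries ten accounts, another hammers SYSTEM.
    for i in range(10):
        t.record_failure(f"user{i}", "10.0.0.9", now=i)
    for i in range(5):
        t.record_failure("SYSTEM", "10.0.0.7", now=20 + i)
    return {
        "spray_device": t.is_blocked("alice", "10.0.0.9", 30),
        "system_remote": t.is_blocked("SYSTEM", "10.0.0.8", 30),
        "system_console": t.is_blocked("SYSTEM", CONSOLE, 30),
        "after_window": t.is_blocked("SYSTEM", "10.0.0.8", 400),
    }
```

The device counter is what stops one source from spreading guesses across many accounts without ever tripping a single account's limit.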

