RE: password stores?
One common solution is a hash based on the cpe site name or some other unique key provided by the cpe information (address, ph #, etc). Changing the hash occasionally provides new passwords, and it is all easily scripted.. -----Original Message----- From: Daniska Tomas [mailto:tomas@tronet.com] Sent: Tuesday, July 23, 2002 2:35 AM To: nanog@merit.edu Subject: password stores? hi, i'm wondering how large isps offering managed cpe services manage their password databases. let's say radius/tacacs is used for normal cpe user aaa, but there is some 'backup' local user account created on the cpe for situations when the radius server is unreachable. for security reasons, this backup account (as well as snmp communities, radius key etc.) is unique per cpe to avoid frauds caused by end-users (even if one does password recovery on the cpe, they still don't have the password for other cpe's). if there are hundreds or thousands of these cpe's that could mean storing of tens thousands of password. are there any crypto-based products available or do the people use their own stuff? thanks -- Tomas Daniska systems engineer Tronet Computer Networks Plynarenska 5, 829 75 Bratislava, Slovakia tel: +421 2 58224111, fax: +421 2 58224199 A transistor protected by a fast-acting fuse will protect the fuse by blowing first.
On Tue, 23 Jul 2002, Shawn Solomon wrote:
One common solution is a hash based on the cpe site name or some other unique key provided by the cpe information (address, ph #, etc). Changing the hash occasionally provides new passwords, and it is all easily scripted..
Most burglar alarms in the US don't meet UL installation standards for burglar alarms. Although the box is usually UL listed, and when configured properly could meet UL installation standards, neither customers nor alarm companies feel the need. Other than banks and museums, it seems to be pretty rare. The most common variance is similar to the statement above, although not as sophisticated. Should we secure routers better, worse or the same as burglar alarms? While I agree there are settings which are insecure, its seems like we haven't figured out the optimum level of security yet. Which may be less than what the experts think.
participants (2)
-
Sean Donelan
-
Shawn Solomon