mailing list archives
From: "Shanna Daly" <SDaly () securenet com au>
Date: Thu, 20 Feb 2003 08:58:21 +1100
Just been on a course and they drummed this into us "if its not in
writing, don't do it".
If you are going to run any network tool, make sure that you have
permission in writing from the appropriate person.
But aside from that, its true, if you badger them enough they will
From: simsjs [mailto:sims () interex org]
Sent: Wednesday, 19 February 2003 9:05 AM
To: ullmic6; security-basics
Subject: Re: passwords
With this being said, you have to make sure that you will not get in
trouble for running this crack on your users, check the security policy
and make sure it is clearly stated there whether or not you have this
right. If you do not have a security policy, you should create one
(these are great for covering your rear). Also notify your manager what
you are going to do and show him where the security policy says you have
the right to do it. After a few times doing this, you will find that
users would rather pick something to get you off their backs than to
have to listen to your lecture every few months.
- Re: passwords, (continued)