Take It From The Top

摘要

Chances are good that many of your servers share administrator passwords that haven't been changed in a long time. Chances also are good that these passwords are well-known to many staff members-including some former ones. If that doesn't scare you, it should: Anyone who knows the passwords could log in and have complete control over servers and applications, and you'd have no ability to track who made changes or accessed data. The problems with poor administrative password management extend beyond insiders to external threats as well. Penetration testers have proven that there's a way into nearly every network, and once attackers find it-often in a typical user's desktop-they can reverse-engineer the passwords on the system and discover the local administrator password. If this password is common to other systems, as it often is, attackers can then use it to access other systems and move through the network.