Knowing that the most porous spots in a corporation's network security defense are sometimes the simple passwords devised by not-so-clever end-users, Avatier this week unveiled an administrative tool that sets and enforces policies for the creation of passwords on Windows-based systems.
The company's Password Bouncer Deluxe includes software that allows administrators to create policies that govern how a password must be constructed using a combination of letters, numbers and/or special characters. Once created, those policies force users to create passwords that are hardened against brute force attacks from hackers, either internally or externally.
Corporations often force employees to change passwords at regular intervals as a security precaution. All too often, however, users pick simple passwords that are easy to remember but susceptible to hackers.
"People spend so much on firewalls and to protect their [network] perimeters, but passwords can be the weakest link," says Nelson Cicchitto, CEO of Avatier. "We extend the password policies in Windows NT and Active Directory so your passwords are harder to hack."
Natively, Windows NT has policies that restrict password length and history, which prevents the reuse of passwords for a certain amount of time. Windows 2000 Active Directory adds requirements to include mixed case, numbers or special characters.
Password Bouncer pushes those requirements up a few notches. Through a wizard-driven interface, administrators can set policies that force the use of upper and lower case letters and the position of certain characters such as requiring the fourth character in any password to be a numeral or restricting passwords that end with numerals or special characters. Restrictions also can be set on using common words and names, company ID numbers, or the use of palindromes, which is a word, phrase, verse, or sentence that reads the same backward or forward.
Administrators also can choose to exempt certain users from the password policies.
The software comes with a list of common dictionary terms in English, French, Italian, German and Spanish that can be barred from use. It also has a list of common proper names and the option to create a customized list of industry specific or others terms.
The software installs on a Windows primary or backup domain controller and automatically pushes out its filters to any server connected to the network. Users can manage multiple domains from a single console so rules are consistent across an organization.
Passwords are checked at the time of creation and administrators can post an HTML document on an intranet site explaining the password policies.
Password Bouncer can work in conjunction with another Avatier product called Password Station.Net, which is a Web-based self-service tool for end-users who have forgotten their passwords. Users initially log their passwords with Password Station and answer a number of questions. The answers are stored in Active Directory. If the user forgets his password, he goes to a URL and is presented with the questions. If they are answered correctly, the user is presented with the forgotten password.
Password Bouncer is available now and is priced per domain. A perpetual license is $9,995. An annual license is $1,995.
RELATED LINKS
Contact Senior Editor John Fontana
Other recent articles by Fontana
Error 404--Not Found |
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:10.4.5 404 Not FoundThe server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address. |
