New Product Automates Enhanced Password Security Policy
San Ramon, CA . – March 27, 2001 – MDD Inc. a provider of software for automating Windows NT and Windows 2000 system administration today announced availability of Password Bouncer 1.0. For Windows NT/2000 system and security administrators concerned about unauthorized access to user accounts, MDD’s Password Bouncer is a centralized management console for preventing vulnerable passwords from being used by employees and contractors. Unlike existing security products, Password Bouncer defeats hackers by using their own methods in the on-going battle to protect your network.
“The security industry has determined that 70% of all deployed firewalls are not effectively protecting the networks behind them,” says Nelson Cicchitto, CTO of MDD. “More telling is that 70% of all network compromises occur behind the firewall by a user or hacker attacking other user accounts.”
“Most users are prone to selecting simple, easy-to-remember passwords containing only letters or digits. Simple human behavior innocently reduces the effort required to compromise a password. A smart hacker can simply apply guesswork to gain unauthorized network access using spouse and child names, birthdays, anniversaries, etc.”
More insidious are freely available utilities that automate what is commonly known as a Dictionary attack. These programs compare common words from several dictionaries to compromise a user’s password. Should a hacker gain access to an administrative password and the Domain Controller’s SAM, all passwords on the network are threatened — from the mailroom to the boardroom.
Using these methods, the hacker can crack virtually any password given enough processing power and time. The key is to harden the password, so that by the time it can be compromised, it has already changed due to proper, globally enforced password policy.
PASSWORD BOUNCER – ENHANCED PASSWORD POLICY MANAGEMENT AND AUTOMATED ENFORCEMENT
Security on the network is of paramount importance requiring the cooperation of everyone from the CEO to the temporary employee. Although organizations establish and publish strong password standards that disallow common words and names, they face specific challenges when executing these policies:
1. Native tools in today’s Windows NT/2000 environment do not provide the ability to enforce truly strong password policy on the level required to effectively protect the network
2. Automated systems to compare and validate passwords against illegal wordlists do not exist
Password Bouncer is the first solution that streamlines and automates the process of centrally managing and automatically enforcing enhanced password security policy:
Ã‚Â· Reject passwords that contain common words using a 300,000-word English wordlist
Ã‚Â· Reject passwords that contain common names using a 4,000-word proper noun wordlist
Ã‚Â· Reject passwords that contain specific names or phrases using a custom wordlist that includes wildcard support
Ã‚Â· Enforce the use of upper and lower cases characters (mixed case)
Ã‚Â· Enforce the use and position of special characters
Ã‚Â· Enforce the use and position of numeric characters
Ã‚Â· Reject passwords that contain palindromes (i.e. radar or bob)
Ã‚Â· Enforce Password length, minimum and maximum
Ã‚Â· Reject passwords with repeating sequences
Cicchitto concludes, “By asserting control over the weakest security policy link, the user password, Password Bouncer is the single most effective measure that can be taken to improve internal Windows NT/2000 security. We hope to get our customers ahead of the hackers and beat them at their own game in the race to protect corporate networks.”
PRICING AND AVAILABILITY
Password Bouncer 1.0 is available for immediate download and evaluation from http://www.mddinc.com. Expected general release date is April 12, 2001. Pricing for the standard version, including the 300,000-word English wordlist and 4,000-word proper noun wordlist, is set at $995 for an annual, non-perpetual license subscription. Perpetual licensing for enhanced versions will be announced at a later date.
ABOUT MDD INC.
Master Design & Development Inc. (MDD Inc.), founded in 1995 in San Ramon, California, is pioneering unique, standards-based solutions that simplify, secure, and enhance enterprise directory management. MDD’s signature product, Trusted Enterprise Manager (TEM) is the leading Windows NT administration solution on the market today, allowing distributed enterprises to increase the quality of their IT service levels, decrease internal security exposure and dramatically lower their total cost of ownership. Over the past 3 years, MDD has generated tremendous growth in sales by deploying TEM in such organizations as NASA (60,000 seats), Chevron (45,000 seats), Eli Lily (36,000 seats) and Delta Airlines (60,000 seats); as well as many other accounts ranging from 250 seats up. To contact MDD Inc., please call (800) 609-8610, or email email@example.com. MDD Inc. can be found on the Web at: http://www.mddinc.com.