Final Summary, Encrypted Authentication Policies. (Re: July 17 Summary on same topic.)

Jim Dillon Jim.Dillon at
Wed Jul 24 22:09:22 GMT 2002

Thanks to the list for chipping in, I received a number of new responses.
Here is a final summary from those who participated in my query.

There were 12 responses.

4 respondees had established "No unencrypted authentication" policies and
procedures and used these in practice for as many as the last 4 years.  None
noted any significant problems as a result.

The other 8 respondees had either partially established such policies (in a
department, or for certain technologies) or were actively working on a new
campus policy or extending current process to a greater audience.

I was generally asked not to share where/who the responses were from, so I

Thanks SANS folks for your help and attention to my request.  I just
received an email yesterday designed to educate end-users to the idea and
process of eliminating all clear text authentication, including pointers to
tools, how-tos, deadlines, and contact info for assistance/help requests.
(The clueful crowd has been educated on the topic for some time in
preparation.)  Our process is moving along, as are many of yours it would

Best regards,

Jim Dillon

Jim Dillon, CISA
IT Audit Manager
jim.dillon at
Phone: 303-492-9734
Dept. Phone: 303-492-9730
Fax: 303-492-9737

More information about the unisog mailing list