Posted on 2010-09-15
As a general yes/no, is it practical to say:
No passwords should be transmitted across the network in plain text anymore - there's always an encrypted alternative?
I am trying to determine where passwords are still being sent by client software/apps across a LAN in clear text and am struggling to determine where to start, as there are over 300 servers. I am thinking about picking a sample 10 servers and running something like ettercap on the servers themselves to see what passwords it gets coming in and what protocol was used to send the password over the LAN.
However, at the end of this exercise we need to do something with these results, i.e. review an encrypted alternative to any findings, or accept that in some cases plain text is still used in most places to an extent as there is no alternative.
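An added example, not part of the original post: one way to turn traffic captured on a sampled server into the inventory the question asks for, counting cleartext logins per server and protocol without ever storing the credential, and pairing each finding with the encrypted alternative to review. The record layout `(server_ip, server_port, client_payload)`, the rule table and the sample data are assumptions constructed for illustration.

```python
import re
from collections import Counter

# server port -> (protocol, client command carrying a credential, encrypted alternative)
# Base64 in HTTP Basic and SMTP AUTH is an encoding, not encryption, so both count.
RULES = {
    21:  ("FTP", re.compile(rb"^PASS \S", re.I | re.M), "SFTP or FTPS"),
    25:  ("SMTP", re.compile(rb"^AUTH (PLAIN|LOGIN)\b", re.I | re.M), "SMTP with STARTTLS"),
    80:  ("HTTP Basic", re.compile(rb"^Authorization:\s*Basic \S", re.I | re.M), "HTTPS"),
    110: ("POP3", re.compile(rb"^PASS \S", re.I | re.M), "POP3S or STLS"),
    143: ("IMAP", re.compile(rb"^\S+ LOGIN \S+ \S", re.I | re.M), "IMAPS or STARTTLS"),
}

def audit(records):
    """Count cleartext logins per (server, protocol).

    Only the fact that a credential crossed the wire is recorded;
    the payload and the secret inside it are discarded.
    """
    hits = Counter()
    for server, port, payload in records:
        rule = RULES.get(port)
        if rule and rule[1].search(payload):
            hits[(server, rule[0])] += 1
    return hits

def report(hits):
    """One line per finding, with the alternative to review for that protocol."""
    alternative = {proto: alt for proto, _, alt in RULES.values()}
    return [f"{srv} {proto} x{n} -> review {alternative[proto]}"
            for (srv, proto), n in sorted(hits.items())]

# Constructed sample input (documentation addresses, dummy secrets).
SAMPLE = [
    ("192.0.2.10", 21, b"USER alice\r\nPASS example-secret\r\n"),
    ("192.0.2.10", 21, b"USER bob\r\nPASS example-secret\r\n"),
    ("192.0.2.20", 80, b"GET /admin HTTP/1.1\r\nHost: intranet\r\n"
                       b"Authorization: Basic ZXhhbXBsZTpleGFtcGxl\r\n\r\n"),
    ("192.0.2.30", 143, b"a1 LOGIN carol example-secret\r\n"),
    ("192.0.2.30", 143, b"a2 SELECT INBOX\r\n"),        # no credential: ignored
    ("192.0.2.40", 443, b"\x16\x03\x01\x02\x00\x01"),   # TLS handshake: ignored
]

if __name__ == "__main__":
    for line in report(audit(SAMPLE)):
        print(line)
```

The rule table covers only a few common protocols; a service that sends credentials on a port or in a format not listed here produces no finding, so an empty report for a server is not proof that it is clean.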