I think you restricted yourself a bit? Surely the strength of the password will determine the degree of triviality.

If it is a non-dictionary password, a dictionary attack cannot work, because it won't be there. They would have to brute force it or install a keylogging/password sniffing program.
Absolutely - one of the main points I made during the presentation was the fact that weak passwords combined with generic usernames were creating potential security holes... the su password on this particular server was indeed a dictionary word, however...

But then, shouldn't you be looking at your logs, running IDS and auditing for weak passwords?
Correct again... actually, my partner in this project wrote a "logger" which was essentially a script written to combine the commands of several UNIX logging functions into one.

I intend to set up an IDS during the winter break; I'd like to place one of the older workstations in front of the switch equipped with BSD; this box would be the "pinch-point" for the network, complete with snort, ethereal, etc. This shouldn't cause a "bottleneck" as long as I allow the investigative programs to drop packets, right?

As far as weak passwords, I wrote a Java program earlier in the semester that would read in a list of the names of computer science majors, and would generate strong user passwords using an algorithm based upon modulus math, a cipher alphabet of symbols, and the student's full name.

While it will be used next year to create the initial student passwords, my boss insisted that users be able to change their password, and that I must find a way to ensure they use strong passwords... I suggested that they e-mail me first for verification, but she suggested I write a script to do it... <...more work... >
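
The kind of check a password-change script could run to reject dictionary-based choices, as an added example that is not part of the original posts. The function names, the 12-character minimum and the small inline wordlist are assumptions made for illustration; a real deployment would load a full dictionary file.

```python
import re

# Constructed sample wordlist; a real deployment would load a full
# dictionary file (for example the system word list) instead.
SAMPLE_WORDS = {"password", "dragon", "monkey", "welcome", "secret", "summer"}

# Common character substitutions undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # assumed policy value, not from the original posts


def normalize(text):
    """Lower-case, undo substitutions, and keep only letters."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def check_password(candidate, username, full_name, words=SAMPLE_WORDS):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    if sum(bool(re.search(c, candidate)) for c in classes) < 3:
        problems.append("too few character classes")
    core = normalize(candidate)
    # A dictionary word dressed up with digits, symbols or substitutions:
    # flag it when the word makes up at least half of the letters.
    if any(len(w) >= 4 and w in core and len(w) * 2 >= len(core)
           for w in words):
        problems.append("based on a dictionary word")
    # Account name or any part of the user's real name.
    personal = [normalize(p) for p in [username] + full_name.split()]
    if any(len(p) >= 3 and p in core for p in personal):
        problems.append("contains user or real name")
    return problems
```

Run at change time, an empty result accepts the new password, and the returned reasons can be shown to the user otherwise.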