If you want to verify the strength of your password policy, or ensure that your users are not weakening your network security with simple passwords, just try cracking them yourself.
Tools like John the Ripper or Cain and Abel use dictionary, brute-force, and hybrid techniques to try to crack your passwords. A dictionary attack tries every entry in a wordlist, while brute force tries literally every possible character combination. The hybrid approach combines the two to crack passwords like "p@ssw0rd"--those that are based on a dictionary word but substitute some letters with alternative characters.
Depending on the results, you can either modify the entire password policy to make it more secure in general, or simply identify those accounts with weak passwords and work with individual users to implement stronger ones.
These tools aren't just useful in a small business environment--try them out on your PC at home, and see how well your personal passwords hold up.
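As an added example (not from the article or from any of the tools it names), here is a small Python policy check that applies the dictionary and hybrid rules described above to candidate passwords before they reach users; the wordlist and substitution table are constructed stand-ins for a real dictionary file.

```python
import itertools

# Constructed sample wordlist; a real audit would load a full dictionary file.
WORDLIST = ["password", "welcome", "letmein", "dragon"]

# Character swaps a hybrid pass layers on top of each dictionary word.
SUBSTITUTIONS = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}


def hybrid_variants(word):
    """Yield the word itself and every combination of substituted letters."""
    positions = [i for i, ch in enumerate(word) if ch in SUBSTITUTIONS]
    for n in range(len(positions) + 1):
        for chosen in itertools.combinations(positions, n):
            chars = list(word)
            for i in chosen:
                chars[i] = SUBSTITUTIONS[chars[i]]
            yield "".join(chars)


def weakness(password, wordlist=WORDLIST):
    """Classify a password the way a cracking tool would recover it.

    Returns 'dictionary' for a plain wordlist entry, 'hybrid' for a wordlist
    entry with substitutions and/or a short digit suffix, and None otherwise.
    """
    lowered = password.lower()
    for word in wordlist:
        for variant in hybrid_variants(word):
            if lowered == variant:
                return "dictionary" if variant == word else "hybrid"
            # Hybrid rules also append short digit suffixes such as "welcome1".
            suffix = lowered[len(variant):]
            if lowered.startswith(variant) and 1 <= len(suffix) <= 3 and suffix.isdigit():
                return "hybrid"
    return None


def audit_policy(passwords):
    """Return only the passwords a dictionary or hybrid pass would recover."""
    return {pw: weakness(pw) for pw in passwords if weakness(pw)}


def candidate_count(wordlist=WORDLIST):
    """Size of the hybrid search space; it stays tiny next to brute force."""
    return sum(2 ** sum(ch in SUBSTITUTIONS for ch in w) for w in wordlist)


if __name__ == "__main__":
    print(audit_policy(["password", "P@ssw0rd", "Welcome1", "xk9#Tq2!Lm"]))
    print(candidate_count(), "hybrid candidates vs", 26 ** 8, "for 8 lowercase letters")
```

The candidate count makes the article's point concrete: a few substitution rules over a wordlist cover the "p@ssw0rd" style of password while remaining orders of magnitude cheaper than brute force.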
To plug the holes and strengthen your network and PC defenses, you first have to know where the weak points are. A vulnerability scanner can be an effective tool for identifying where and how you are vulnerable, so you can manage the risk and either patch the holes or implement additional protection to mitigate it.
Nessus has been the gold standard for vulnerability scanners. At one point it was available for free as an open-source tool, but it is now a commercial product available through Tenable Network Security. The Nessus software can be downloaded for free, but in order to use it businesses must also subscribe to the Nessus feed, which supplies the tests and audits that Nessus needs to probe your network. The Professional Feed subscription costs $1200 per year.
The older Nessus 2 engine is still open-source and forms the backbone of free tools such as OpenVAS. OpenVAS may not be as robust or well known as Nessus, but IT admins who can't stomach the $1200 subscription should at least take a look at what it can do.
Home users can check out Microsoft Baseline Security Analyzer. This free tool from Microsoft scans your Windows PCs for common security misconfigurations and missing security updates.