March 2007
Security 101
There isn't a day that goes by without an alert about some new virus, Trojan or worm invading and infecting large numbers of computers, or a network grinding to a halt under a denial-of-service (DoS) attack. These threats are real, and they can affect not only a company's network but its bottom line.
Yet some threats to a network are much closer to home, arising from the poor habits and practices of users themselves. Password practices are a good case in point.
Protecting Passwords
Probably the single greatest user-generated threat to network security is the handling of passwords. It is not uncommon to walk past a workstation and find the user's password on a sticky note attached to the monitor or tucked beside the keyboard.
Another all too common practice is sharing a password with a co-worker. Many people who do this ignore the fact that they are giving someone else licence to access a workstation or the network as them: anything the co-worker does under that account is logged against its owner. Where company e-mail and Internet policies are strictly monitored and enforced, that can have unpleasant consequences for the person whose name is on the account.
Computer and network security exists to protect the confidentiality and integrity of a company's information assets, so it is essential that basic, common-sense practices be observed in maintaining it. Protecting passwords is a good place to start.
Password Complexity
Ensuring adequate password length and complexity is an important step in maintaining security. A commonly accepted minimum for a secure password is 8 characters, combining uppercase and lowercase letters, numbers and special characters such as "$" or "&". Treat 8 as a floor rather than a target: against an attacker who has obtained the password hashes and guesses offline, every additional character does more than any mix of character classes, so longer passphrases should be encouraged wherever the system allows them.
Passwords that are too short, or that contain some or all of the user's name or birthdate, are easily guessed and are therefore not very secure. And, of course, using the word "password" as a password is as effective as a screen door on a submarine; the same goes for trivial variants such as "Password1". It is really common sense, but it is amazing how many users fail to apply it when creating passwords.
Password Changes
Frequency of password changes is another consideration. There should be no such thing as a password for life. Many organizations require users to change their passwords every 90 days; in other situations the interval may be shorter or longer. A password must in any case be changed immediately when there is reason to think it has been exposed, whether written down, shared or caught up in a compromise, and current guidance (NIST SP 800-63B) rates that kind of event-driven change, together with screening new passwords against lists of known-compromised ones, above a fixed calendar interval, since forced rotation tends to produce predictable variations on the old password. Both complexity and maximum-age rules can be enforced centrally by the directory or network operating system, so compliance need not depend on the user remembering.
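The rules from the two sections above (minimum length, mixed character classes, nothing taken from the user's name or birthdate, no dictionary passwords, and a 90-day maximum age) as one worked example in Python. This is an added example, not code from the original article or from any product it mentions; the thresholds, the tiny blocklist, the account records and the function names are constructed for illustration.

```python
"""Password policy checks: length, character classes, user-name and
birthdate fragments, a common-password blocklist, and maximum age.
Constructed example; thresholds and names are assumptions, not a product's API.
"""
import re
from datetime import date, timedelta

MIN_LENGTH = 8          # the article's floor; longer is better
MIN_CLASSES = 3         # of: lowercase, uppercase, digit, special
MAX_AGE_DAYS = 90       # the article's rotation interval

# Constructed sample blocklist. A real deployment would screen against a
# full breached-password list rather than a handful of entries.
BLOCKLIST = {"password", "password1", "welcome", "letmein", "qwerty", "123456"}

_CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def check_complexity(password, username="", birthdate=None):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    classes = sum(bool(re.search(p, password)) for p in _CLASS_PATTERNS)
    if classes < MIN_CLASSES:
        problems.append(f"uses {classes} character class(es); {MIN_CLASSES} required")

    # Any part of the user's name (split on spaces, dots, underscores, hyphens)
    for part in re.split(r"[\s._-]+", username.lower()):
        if len(part) >= 3 and part in lowered:
            problems.append(f"contains part of the user name ({part!r})")

    # Birthdate in the forms people actually type: year, ddmm, mmdd, full dates
    if birthdate is not None:
        formats = ("%Y", "%d%m", "%m%d", "%Y%m%d", "%d%m%Y", "%m%d%Y")
        if any(birthdate.strftime(fmt) in password for fmt in formats):
            problems.append("contains the user's birthdate")

    # "Password1!" satisfies every class rule above; comparing the letters-only
    # form against the blocklist catches it and similar trivial variants.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if lowered in BLOCKLIST or letters_only in BLOCKLIST:
        problems.append("is a common password or a trivial variant of one")

    return problems


def password_expired(last_changed, today=None, max_age_days=MAX_AGE_DAYS):
    """True once the password is older than max_age_days (still valid on day 90)."""
    today = today or date.today()
    return today - last_changed > timedelta(days=max_age_days)


def days_until_expiry(last_changed, today=None, max_age_days=MAX_AGE_DAYS):
    """Days left before a forced change; negative when already overdue."""
    today = today or date.today()
    return (last_changed + timedelta(days=max_age_days) - today).days


def audit(accounts, today):
    """Evaluate account records; returns {username: list of findings}."""
    report = {}
    for acct in accounts:
        findings = check_complexity(acct["password"], acct["username"], acct.get("birthdate"))
        if password_expired(acct["last_changed"], today):
            age = (today - acct["last_changed"]).days
            findings.append(f"password is {age} days old; change overdue")
        report[acct["username"]] = findings
    return report


# Constructed sample records (plaintext passwords exist only for this demo).
TODAY = date(2007, 3, 15)
SAMPLE_ACCOUNTS = [
    {"username": "jsmith", "password": "password",
     "last_changed": date(2006, 12, 1)},
    {"username": "John Smith", "password": "JohnSmith1985!",
     "birthdate": date(1985, 7, 14), "last_changed": date(2007, 1, 1)},
    {"username": "mlee", "password": "Tr0ub4dor&3",
     "last_changed": date(2007, 2, 20)},
]

if __name__ == "__main__":
    for user, findings in audit(SAMPLE_ACCOUNTS, TODAY).items():
        print(f"{user}: {'OK' if not findings else '; '.join(findings)}")
```

In a real deployment the complexity check runs at the moment a password is set (a directory password filter or PAM module), because the directory never holds the plaintext afterwards; only the age check runs against the stored last-changed timestamp. Note that "JohnSmith1985!" passes every length and character-class rule and is still rejected, which is the point of checking against the user's own details and a blocklist rather than character classes alone.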
Biometrics
Multi-factor authentication, that is, requiring more than one kind of credential to gain access to a computer or network, is being employed by an increasing number of companies. Biometric devices such as thumbprint scanners are gaining popularity. A fingerprint is unique to its owner, which makes it a strong way to identify an authorized user, but it is not a secret: scanners can be fooled by a copied print, and a print, unlike a password, cannot be changed once it has been copied. For that reason a biometric is best treated as one factor alongside another rather than as a replacement for a password.
Digitally encoded smart cards are another means of providing secure access. A smart card proves something the user has, a password proves something the user knows, and a fingerprint proves something the user is. Used in conjunction with a password, thumbprint scanners and smart cards allow for a much greater level of security than a password alone, because an attacker who learns the password still cannot log in without the card or the finger.