Security

by Carissa

The Password Is… “Secure”

At some point, we’ve all experienced that dilemma that comes with choosing a new password. Whether the account is for access to business data, personal financial data, or private resources, we’re left with trying to decide if we should provide a weaker password that is easier to remember or a stronger password that we are more likely to forget in the name of protecting our data. If you continue to face that quandary as you define new accounts or change your passwords, here are a few things to consider that might help in defining secure passwords that can be used effectively.

First, all passwords should be at least eight characters in length. Simple math dictates that, in general, the longer a password is, the harder it will be for any attacker to guess. A common practice for making long passwords easier to remember is to use a pass phrase. You can use the first letter of each word in a phrase, a song lyric, or a favorite quote to create easy-to-remember yet nonsensical passwords. “Four score and seven years ago, our fathers brought forth” can become “Fs&7yaofbf” – which is a ten-character password that can still be remembered and recreated after you have finished reading this refresher.

Second, all passwords should contain a variety of upper/lowercase letters, numbers, and special characters. Using this tip to expand the number of possible values within the password can make passwords considerably harder to compromise. Consider that a password of “password” and a password of “Pa$$w0rD” are both eight-character passwords, but clearly one will be harder to compromise than the other. It is much harder to brute-force an eight-character password that has almost one hundred different options for each character than a password of the same length that has only twenty-six options for each character.

Third, a common expression in password management is that you should treat your passwords like your toothbrush – “never share it with anyone and change it regularly.” The problem with sharing a password, whether for support or to allow someone to temporarily use your system, is that it gives potentially malicious users insight into the personal pattern you use for creating passwords. If you share that your secure password is MyDogI$R3x, then it becomes worth noting to the malicious user that you have decided at least once to tie a password to the name of a pet. If you have reused that password on other systems, or used a similar process to create other passwords, the process of guessing becomes much easier.

Lastly, there are several common-sense points worth reiterating when it comes to securing passwords.

  • Do not write down your passwords. If you need to store seldom used passwords for future reference, use a free encrypted password storage utility, such as Passkeeper.
  • Do not use dictionary words, your username, or family names as a base for your password.
  • Do not use any of those taboo categories supplemented with just a number at the front or back of the word to try to make it more secure.
  • Do not send your password via email. Of course, this overlaps with never sharing your password with anyone, but is important enough to mention again.

While no method for creating passwords manually will be as secure as random One-Time Passwords (OTP) that many people have used for access to more secure systems, following those simple guidelines can help to minimize risk, help you remember secure passwords, and move you along the path of having better security habits.
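The guidelines above (minimum length, character variety, and the rules against dictionary words and added digits) can be turned into a small checker that also shows the brute-force arithmetic behind “password” versus “Pa$$w0rD”. This is an added example, not part of the original article; the three-class threshold, the sample word list and the function names are assumptions made for illustration.

```python
import math
import string

MIN_LENGTH = 8    # the article's minimum length
MIN_CLASSES = 3   # assumption: the article asks for "a variety" without a number
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]   # 26 + 26 + 10 + 32 = 94
SAMPLE_WORDS = {"password", "summer", "dragon"}  # constructed; use a real dictionary

def classes_used(pw):
    """Character classes that appear at least once in the password."""
    return [cs for cs in CLASSES if any(c in cs for c in pw)]

def alphabet_size(pw):
    """Options per character an exhaustive search must try."""
    return sum(len(cs) for cs in classes_used(pw))

def brute_force_bits(pw):
    """log2 of the exhaustive search space, length * log2(alphabet).
    An upper bound only: dictionary and pattern guessing succeed far sooner."""
    size = alphabet_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def check_password(pw, username="", words=SAMPLE_WORDS):
    """Return the list of article guidelines the password violates."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than eight characters")
    if len(classes_used(pw)) < MIN_CLASSES:
        problems.append("too little character variety")
    # A banned base with digits at the front or back is still the banned base.
    core = pw.strip(string.digits).lower()
    banned = {w.lower() for w in words} | ({username.lower()} if username else set())
    if core in banned:
        problems.append("dictionary word or username, with or without added digits")
    return problems

if __name__ == "__main__":
    for pw in ("password", "Summer2024", "Pa$$w0rD", "Fs&7yaofbf"):
        print(f"{pw:12} {alphabet_size(pw):3} options/char "
              f"{brute_force_bits(pw):5.1f} bits  {check_password(pw) or 'ok'}")
```

The bit counts describe exhaustive search only, which is why the word-list check runs separately: “Summer2024” has three character classes and ten characters yet is still flagged.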

For more information regarding best practices in password security or the One-Time Password (OTP) options, please contact your Keller Schroeder Senior Account Manager.

by Carissa

Message in an eBottle – Email/Message Archiving Solution

Read the story of Donald Wylie (pdf).

As IT professionals investigate solutions to address their companies’ message storage needs, litigation concerns, and compliance with increasing regulatory requirements, message archiving quickly becomes a topic of discussion. For many, the Barracuda Message Archiver has become their solution of choice. As a complete and affordable email archiving solution, it enables you to effectively index and preserve emails, enhance operational efficiencies and meet regulatory compliance needs.

The four driving forces for message archiving include:

Storage Management – Not only is the volume of email messages continuing to increase, the average size of an email message is also becoming larger. Increased use of file attachments in email messages results in the average email ranging between 22KB and 350KB. The ability to adequately keep up with these increasing storage demands can be costly. Although storage solutions can provide short term resolutions, email archiving solutions provide a more resourceful way of handling the issue over a longer period.

Knowledge Management – Your email system contains an increasing amount of vital company intelligence, some of which may not be replicated anywhere else. If that email becomes unavailable, you run the risk of losing that intelligence. Email archiving solutions can provide management tools for storing and controlling access to an organization’s knowledge base.

Litigation support – Any company in any industry is vulnerable to being implicated in lawsuits. Today’s litigation discovery can involve all parties and requires that all information relevant to the lawsuit be provided at the request of the court of law. Finding and producing such information can often cost more than the actual damages claimed in the lawsuit itself. The use of an email archiving solution can help mitigate many of those costs.

Compliance – The driving force behind the increased demand for email archiving solutions is compliance. The staggering number of regulations – some industry estimates are as many as 10,000 worldwide – requiring email retention and specific parameters regarding how and for how long email should be stored can be confusing for administrators.

The Barracuda Message Archiver is a complete email archiving solution that meets all four driving forces. It enables effective indexing of emails, enhances operational efficiencies and addresses regulatory compliance. It provides everything needed to comply with government regulations within an easily administered plug-and-play hardware solution. It can store and index all email for easy search and retrieval by both in-house personnel and third-party auditors. Like Barracuda’s spam and web filtering products, it receives automatic updates to its extensive library of virus and policy definitions, enabling enhanced monitoring of corporate and compliance guidelines, as well as updates for the document file formats of email attachments and security updates for the underlying platform.

To learn more about this appliance or to arrange an evaluation unit, please contact your Keller Schroeder Sr. Account Manager.

Barracuda Message Archiver FAQ
http://www.barracudanetworks.com/ns/products/archiver-faq.php

by Carissa

Cisco NAC Controls My Sharona Network

As network security continues to play an important role within any company environment, we as IT professionals continue to explore additional tools and mechanisms to enhance infrastructure security. One such product is the Cisco Network Admission Control (NAC) product set.

The Cisco NAC solution is a combination of three primary products: Cisco’s Clean Access Server (CAS), Clean Access Manager (CAM), and Clean Access Agent (CAA). In addition, other products such as the Cisco NAC Network Module for ISR model routers, the Cisco NAC Profiler, Cisco Access Control Server (ACS), and third-party product integration (e.g., Microsoft’s Network Access Protection) can be deployed to further enhance the overall solution.

The concept behind the Cisco NAC solution is simple. Any device attempting to access a network is quarantined until NAC enforces company policies regarding anti-virus, anti-spyware, and OS levels. Once determined to be compliant, the device is permitted access based upon the role assigned as part of the process, whether by user authentication, IP address, MAC address, or other means. This can be deployed for wired devices (LAN or WAN), wireless devices, and remote access (VPN) connections.

The two primary methods of deployment are In-Band and Out-of-Band. The choice is specific to the placement of the Cisco CAS (Clean Access Server) and depends on the type of connection it is designed to protect. In-Band (“in the path”) deployments are generally for wireless, remote access (VPN) and branch office connections, whereas Out-of-Band deployments are typically more applicable to the single-site campus LAN segment of the infrastructure. The combination of these two deployment methods creates a dynamic and flexible solution for most environments.

For more information pertaining to the Cisco NAC solution and the products of which it is comprised, you can visit Cisco’s website http://www.cisco.com/go/nac/ and contact your Keller Schroeder Sr. Account Manager to discuss how your environment can benefit from a Cisco NAC solution.
