Why to Adopt .Net

Written by Pawan Bangar

Continued from page 1
• New opportunities: with .Net software and services, corporate IT departments will share in the ability to create new and novel revenue streams. By exposing key business processes that were typically locked in internal systems, the enterprise can create a number of new and exciting opportunities to make money.
• Empowering Employees: .Net offers the promise of allowing employees to act on the appropriate information where and when they need it. A contact or appointment added to a pocket PC by a project manager while at a job site can instantly be accessible to members of the same team scattered through the world.

Pawan Bangar Director birbals group India

The Problems with Passwords

Written by ArticSoft - www.articsoft.com

Continued from page 1

Network systems and services, and the introduction of the PC as a networked device as well as a stand-alone computer, together created the idea that it must be possible to have infinite retries at getting the password right. (In the case of the PC, concern was focused upon the problem of having its owner get locked out with no way to recover the situation. Therefore, some systems had physical password reset buttons to get round this problem.) The attacker was being given a massive advantage!

The Internet, built for resilience and information sharing, included the idea of an ID/password, but did not provide encryption to protect the password and allowed infinite retries to get it right. As a result, passwords are usually transmitted unprotected, and may be sent with every page that needs access to a password protected area, as well as allowing the attacker all the time the site is up to try and crack it.

Potential routes forwards

The biggest hurdle to overcome is the ability of a user to hit more than six consecutive keys reliably, given that they cannot ‘see’ the results of what they are doing. (Actually, this is not new. Anyone with a Remington typewriter No 3 and before would know that the type basket on those models hit the paper directly under the roller, not on the front of the roller, and the user had to lift the roller to see what they had typed.)

Of course a user needs a bit of practice in order to get a longer password right. Constant change makes for bad typing. Using a much longer password, say 30 or so character positions, may not be guaranteed to generate what the cryptologists call entropy, but it has a good chance. If it is combined with using hash algorithms that generate much larger spaces (say SHA-1 512) then the attack space will still be large compared with current results.

A long password should also be harder to crack with short dictionary attacks and more resistant to brute force attacks, because the time to create either the password or the hash becomes significant. This may have a lot to recommend itself. Long passwords are also resistant to being captured by others by mere observation (except when keystroke capturing methods are in use) because there is too much now for the attacker to remember, no matter how often they observe. (Perhaps videos will become more popular in ‘public places’.)

But how do you educate users into using passwords successfully?

The first thing to remember is that the length must be proportionate to the overall security requirement. If a ‘three strikes and you’re out’ system combined with a token of almost any kind is in use you can live with a 4-digit PIN. If there are multiple systems then a single long password could be used as a system enabler for all services.
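As an added illustration (not part of the original article), the Python sketch below shows why a retry limit lets a short PIN suffice while unlimited retries do not. The class and function names, the sample PIN and the PBKDF2 iteration count are assumptions chosen for the example, and the arithmetic assumes uniformly random secrets, which user-chosen passwords are not, so the figures are best-case bounds for the defender.

```python
import hashlib
import hmac
import math
import os


class ThreeStrikesVerifier:
    """Verifier that locks after `max_failures` consecutive wrong guesses."""

    def __init__(self, secret, max_failures=3, iterations=50_000):
        self._salt = os.urandom(16)
        self._iterations = iterations
        self._stored = self._derive(secret)
        self.max_failures = max_failures
        self.failures = 0
        self.locked = False

    def _derive(self, value):
        # Salted, deliberately slow hash so each guess costs real time.
        return hashlib.pbkdf2_hmac("sha256", value.encode(), self._salt, self._iterations)

    def verify(self, guess):
        if self.locked:
            return False  # even the right secret is refused once locked
        if hmac.compare_digest(self._derive(guess), self._stored):
            self.failures = 0
            return True
        self.failures += 1
        self.locked = self.failures >= self.max_failures
        return False


def search_space_bits(length, alphabet_size):
    """Size of the guessing space in bits, assuming uniformly random characters."""
    return length * math.log2(alphabet_size)


def guess_success_probability(length, alphabet_size, attempts):
    """Chance that `attempts` distinct guesses hit a uniformly random secret."""
    return min(1.0, attempts / alphabet_size ** length)


if __name__ == "__main__":
    # Constructed sample values: a 4-digit PIN and a 30-letter lowercase password.
    print("PIN, 3 tries      :", guess_success_probability(4, 10, 3))
    print("PIN, 10,000 tries :", guess_success_probability(4, 10, 10_000))
    print("30 letters, bits  :", round(search_space_bits(30, 26), 1))
```

A locked verifier needs an out-of-band reset path, which is the lock-out recovery problem the article raises for the PC.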

Choosing long passwords is not the daunting prospect that so destroys choosing short passwords. Natural language is now to be preferred since it must be memorable. But the expression of the natural language must be left to the capricious nature of the user.

By way of some examples of longer passwords, one could consider the following:

“Table!house*”, “Knight(soil)” or “Dem0n**manager”. Other examples that could work include, “1066andallthat”, “Hangthe****donkey” or “Now is the time forall men”. This last one is a quotation, but it’s still hard to guess or attack, especially if you don’t know where the spaces are! These kinds of passwords are proof against any dictionary attack, and, provided they are not changed often, users are more likely to choose something difficult and unique. Another handy feature is that they are slightly harder to share with friends since there is so much more to remember.

Never forget the real purpose

The password, as we use it today, is more often than not the ‘secret’ that unlocks systems capabilities or grants authorizations (including access control). In future services it will be used to authorize cryptographic secrets, most likely held in software, and then later in hardware. These ‘keystores’ may hold various secrets, perhaps even including other passwords that are transparent to the user. Where infinite retries are possible, the use of short passwords will represent a significant and avoidable weakness, which designers may one day be called to account for.

Ultimately, the real purpose of a security system is to try and make the user’s life easy whilst making the attacker’s life difficult. Systems that ignore the user are going to fail with the very community they are supposed to serve.

Whenever users cannot manage the systems they are given, an advantage is being given to the attacker, because they will exploit those aspects of the system first. Similarly, a poorly designed system will fail and will compromise the very users it is supposed to protect. Poor design is much harder to fix than bad coding or errors in implementation.

Steve Mathews is one of the authors of ISO/IEC 17799 (formerly BS7799) and is well recognized in the security industry. He provides security advice to the European Commission, the UK Government and an impressive range of globally based Fortune 100 companies. He regularly lectures on risk management, PKI, information security management and secure e-business implementation.
