|
NEWS YOU CAN USE FROM VANDYKE SOFTWARE® This month's issue focuses on authentication to mark the delivery of X.509 certificate authentication for UNIX in the beta 1 release of VShell® server version 2.5. This release means that X.509 certificate authentication is now supported across the entire secure product line. First, we point to several online resources to help you evaluate whether your authentication is adequate. Then, as counterpoint, we bring in some heretical views on passwords to shake the tree a bit. This month we also introduce a new section for everyday users, called "Did You Know?", to cover quick productivity hints that any user can take advantage of. ------------- 1. Beyond The Password: Time To Improve Your Authentication? -------------------------
----------------------------------------------------------------------------------------- Maybe it's been too long since you had a chance to review what's happening in authentication security. Or you might be faced with enhancing your current authentication scheme. Perhaps you're just jumping for joy at the inclusion of X.509 certificate authentication capabilities in the VShell 2.5 servers for UNIX, so you can standardize authentication across your organization. Whatever your perspective, we hope you find some valuable nuggets in our review of recent online articles on authentication. "Beyond Passwords: Stronger Authentication",
Lisa Phifer Phifer then lists and evaluates the current alternatives from tokens to smart cards to biometric identification. Stronger credentials do cost more and may involve complex new systems. The holy grail, she says, is a system like tokens or biometrics that is "virtually immune to social engineering and password crackers". She explains two-factor authentication methods such as tokens with PIN numbers, where possession of both is required to successfully log on to a system. Finally, Phifer points out ways to increase authentication security without large capital expenses for new technology. "More on Two-Factor Authentication",
Bruce Schneier "Understanding Your Authentication
Options", SearchSecurity.com ------------------------------------------------------------------------- SC Magazine reported in March 2005 that a study of 67,000 people conducted by information security provider SafeNet in the US and Europe found that 50 percent of them wrote down their passwords. But is this necessarily bad? Here is a different perspective on this widely excoriated practice. Microsoft security policy manager Jesper Johansson argues that if you prohibit users from writing down passwords, all you get are bad passwords that are easily broken. At a May 2005 meeting of Australia's CERT group, he advocated choosing excellent passwords, writing them down, and protecting the password list. That would allow users to vary their passwords more and thereby increase network security. Read the entire Johansen article on CNET News. ------------------------------------------------------------ The initial beta release of the VShell server version 2.5 is now available for download and trial. VShell 2.5 adds support for X.509 certificate authentication to UNIX platforms. All VanDyke Software secure products now support this important technology, which allows large organizations to comply with PKI policies aimed at protecting critical information and thwarting identity theft. As the costs of identity theft and electronic fraud continue to escalate, companies look to improve their user authentication policies. The X.509 standard is a well-established method of replacing vulnerable password logins. VShell 2.5 is simple to install and implement, so you can quickly deploy and realize business value. VShell's strong encryption, trusted authentication, and data integrity allow you to securely share electronic transactions inside your organization as well with contractors and customers. Fine-tuned configuration options allow you to administer your company's security policies to protect sensitive data from unauthorized access. VShell 2.5 also adds support for IPv6. IPv6 has been around for several years, but many companies are just beginning to establish timetables to implement it. The US government recently established June 2008 as its deadline for switching to IPv6, while European and Asian countries are also moving toward the new standard. There may finally be critical mass for updating this major building block of networking. To download VShell Server 2.5 or to read more about the release, please
visit the VShell
beta web pages. ---------------------------------------------------- VShell 2.5 beta 1 has arrived along with a new forum for discussing the beta releases. In the beta forum you can discuss the capabilities you need in VShell, report bugs, and request refinements. With VanDyke Software staff tracking the forums closely, the VShell beta forum is the quickest way to keep up to date on the beta cycle. Visit the VShell
beta forum today. Registration is not required to read messages, but
you will need to register in order to post in the forums or vote in polls. ------------------------------------------------------------------------------------- We ran this tip back in April, but since many users have benefited from the ability to open multiple session tabs using the /S command we thought we'd mention it again. If you often need to open two or more sessions on startup, you can set up a shortcut to SecureCRT to do this for you, tabs and all. The /S command-line switch is the key to opening multiple tabbed sessions. The syntax looks like this: securecrt.exe /S "session1" /S "session2" /S "session3" In the above example, "session1", "session2", etc.
are session names in your session list. If the sessions are configured
to open inside a tab, then this would allow you to open multiple sessions
in tabs by clicking on a single shortcut. ---------------------------------------------------------------------------- Forum member "aao" wanted to know if there is a way to configure the "click and drag" functionality to select a rectangular block of text rather than the typical Windows word-by-word selection. This method eliminates quoting characters in e-mail, and omits line numbers when copying scripts or code. To select columns or a block of text, hold down the ALT key while using the mouse to outline the text area. Then copy to the Clipboard using the Edit/Copy menu item or the keystroke accelerators CTRL+INSERT (copy) and CTRL+SHIFT+INSERT (paste). Or try using the "Copy on select" feature to copy text to the Clipboard as soon as it's selected: http://www.vandyke.com/go.php?id=nl101305j You can get more information on this topic in the SecureCRT Help file
under "Copy & Paste". ------------------------------------------------- SecureCRT and VShell have been nominated for the 2006 SC Magazine awards. The top five products that get the most votes will become finalists in this yearly industry award. Voting closes Friday, October 28, so visit the www.scawards.com today. To vote for SecureCRT or VShell, go directly to their nomination categories below. SecureCRT – Best Endpoint Security Solution VShell – Best Policy Management ---------------------------------------- VShell 2.5 beta 1 was released October 6, 2005. This version provides
strong X.509 certificate authentication on UNIX platforms, support for
the IPv6 protocol, and improved triggers. A maintenance release for VShell
2.3.7 official was made on October 13, 2005. Here is a list of the latest
official product releases: SecureCRT 5.0.3 All VanDyke Software products may be downloaded and evaluated free for 30 days. Licenses include one year of free upgrades and technical support.
RSS Feeds Now Available Links to VanDyke Software pages with RSS feeds: Subscription Information You received this e-mail because you subscribed to VanDyke Software News
when you visited our web site or downloaded a VanDyke Software product.
Click here
to unsubscribe or change your e-mail address. Don't miss out on important product news. If your ISP or e-mail client filters incoming e-mail, please add the domain @vandyke.com to your list of approved senders to make sure you receive the newsletters and product announcements to which you've subscribed.
VanDyke Software, Inc. Got questions, comments, or ideas? E-mail
or use the web forms by clicking on "Got a question or comment?"
on any page on our web site, as you'll see on our What's
New page. VanDyke Software, AbsoluteFTP, CRT, Entunnel, SecureCRT, SecureFX, and VShell are trademarks or registered trademarks of VanDyke Software, Inc. All other products and services mentioned are trademarks or registered trademarks of their respective companies. |
|
|