The Need for Policy with Secure Shell

No single piece of software can be a complete security solution. There are factors beyond securing communications through strong authentication and encryption that must be considered. The physical environment and the "human factor" are often overlooked as significant contributing factors to security breaches. The following list provides a suggested starting point for issues and areas of concern that a thorough security policy should address:

Password and/or passphrase policies are needed so that users don't select short, weak or guessable passwords. In addition, you should have a policy that states how often a password should be changed, and whether or not passwords can be reused.

Site security is a critical area that many organizations fail to address adequately. Portable computer users should be provided with security devices such as locking cables and should be encouraged not to leave these devices unattended, even for a "minute or two". Physical access to servers, routers, network connections and backup media should be secured and limited only to those personnel who require it.

Security audits of service providers are an excellent next step after your physical plant is secure and policies and procedure for your organization have been established and implemented. Internet Service Providers (ISP), Application Service Providers (ASP) and data storage vendors generally have robust physical and logical security in place. An audit may reveal deficiencies in their policies and physical plant but will more likely provide your organization with additional ideas to improve your own security plan.

Backup procedures are generally adopted for servers but often overlooked or ignored for client workstations. Implementing network backup procedures can protect and insure retrieval of valuable data if a client machine is lost, stolen or damaged.

Using Secure Shell with the above policies in place will enable you to economically, privately, effectively and safely use public networks like the Internet to do your day-to-day business communications with remote users or business partners.

<< Insertion and Replay Attacks

Solutions >>


	Products	Downloads	Purchase	Support	About Us
	VShell Server	VShell Server	Buy Direct	Evaluation	Contact
	SecureCRT	SecureCRT	License Pricing	Updates Policy	Press Releases
	SecureFX	SecureFX	About Encryption Export	FAQs	What's New
	VanDyke ClientPack	VanDyke ClientPack	Orders FAQ	Tips & How-Tos	Customer Stories
	Beta Software	Beta Software	Resellers	Forums	Secure Solutions
Site Map \| Legal Notices \| Privacy Policy \| Refund Policy VShell, SecureCRT, SecureFX, Entunnel, CRT, and AbsoluteFTP are trademarks or registered trademarks of VanDyke Software, Inc. in the United States and/or other countries. All other trademarks or registered trademarks are the property of their respective owners. Copyright © 1995 - VanDyke Software, Inc. All rights reserved.

About Encryption Export

Site Map | Legal Notices | Privacy Policy | Refund Policy

VShell, SecureCRT, SecureFX, Entunnel, CRT, and AbsoluteFTP are trademarks or registered trademarks of VanDyke Software, Inc. in the United States and/or other countries. All other trademarks or registered trademarks are the property of their respective owners.