Close Window
 

NEWS YOU CAN USE FROM VANDYKE SOFTWARE

A Monthly Newsletter - October 2002

This month's newsletter highlights official releases of VanDyke Software(TM) secure products with new public-key management tools, a case study on cross-platform file revision and project management, and a tip on how to use a new wizard for entering license information into your VanDyke Software products.

SecureCRT(R) 4.0 and CRT(TM) 4.0 now provide basic Wyse 50/60 emulation and customization of menus and toolbars. SecureCRT also includes a VSH.EXE command-line utility that allows SSH sessions without the SecureCRT window.


--------
Contents
--------

1. Case Study - Secure File Revision and Project Management
2. New Releases - Focus on Public-Key Authentication
3. Free Download - OpenSSH Source Code with Public-Key Support
4. Tips - Entering License Information Made Easier
5. Current Releases
6. Recommended Reading - Passwords to Public Keys

-----------------------------------------------------------
1. Case Study - Secure File Revision and Project Management
-----------------------------------------------------------

An Internet Consulting Firm Creates a Cross-platform Collaborative Environment for Secure File Revision and Project Management.

Integrating Windows(R) workgroup users into a collaborative environment with Linux and UNIX(R) users was a challenge for Multi-M/IA, an Internet consulting firm located in the Netherlands. The company uses CVS and SOAP hosted on external Linux servers. SOAP services were secured with OpenSSH
tunneling, but the company's Windows users had difficulty with command-line windows, resulting in extra time for administration and support.

To overcome these issues, Multi-M/IA's UNIX administrator deployed VShell(TM) on the company's Windows 2000(R) workgroup server. SecureCRT and SecureFX client applications provided secure data tunneling (port forwarding) and remote file access. VanDyke Software server and client applications combined with WinCVS helped Multi-M/IA reduce training and support time while providing its Windows users with easy-to-use collaborative tools and interoperability with OpenSSH and CVS.

Read more about how Multi-M/IA created a solid, easy-to-maintain collaborative environment for its Windows workgroup at:

http://www.vandyke.com/solutions/case_studies/multi_mia.html


--------------------------------------------------------------------------
2. New Releases - Focus on Public-Key Authentication
--------------------------------------------------------------------------

Password authentication, though long the easiest and most commonly used security measure, has inherent weaknesses. Passwords need to be strong and resistant to dictionary attacks. But long, obscure passwords are hard to remember. And passwords are prone to social engineering--if asked, many people will just give their password away. The bottom line is that passwords
are vulnerable.

A recent article, "Psst... I know your password," by Robert Lemos (ZDNet News, May 22, 2002, 4:55 AM PT), focuses on vulnerabilities in user passwords. It offers a good overview of the reasons why
passwords are typically an ineffective security measure, from human factors to technical limitations. (To read this article, go to: http://zdnet.com/com/2100-1105-920092.html.)

A solution is to replace passwords with public-key authentication. Public-key authentication has been difficult for large organizations to deploy, primarily because of the complexities of uploading a public key from the client PC, where the key is generated, to the server, where the key is needed for authentication.

Public Key Assistant removes these barriers to public-key implementation by allowing end users to easily upload and manage their own public keys on the server. Key generation and upload involves just a wiggle and a click of the mouse.

The VanDyke Software public-key management solution enables organizations to benefit from the increased security of public keys while reducing administrative hassles for network administrators
and providing a simple, easy-to-use solution for end users.

With the official release of SecureCRT 4.0, Public Key Assistant is now available in all VanDyke Software secure products.

Read more about the new official versions of SecureCRT 4.0 and SecureFX 2.1 with Public Key Assistant at:

SecureCRT 4.0
http://www.vandyke.com/products/securecrt/index.html
SecureFX 2.1
http://www.vandyke.com/products/securefx/index.html


--------------------------------------------------------------------------------------------
3. Free download - OpenSSH Source Code With Public-Key Support
--------------------------------------------------------------------------------------------

VanDyke Software has posted extended OpenSSH source code (version 3.4p1) as a free download on our web site. These extensions support the Public Key Assistant feature in all secure VanDyke Software products, allowing end users to upload public keys to an OpenSSH server securely. If your organization has OpenSSH servers and wants to use secure public-key authentication, get the download today:

http://www.vandyke.com/download/os/pks_form.html


---------------------------------------------------------------------
4. Tips - Entering License Information Made Easier
---------------------------------------------------------------------

Entering your license information into SecureCRT, SecureFX,and CRT just got easier. The new official releases of these products have an improved License Wizard that can automatically parse the information from the Clipboard and fill in the fields automatically. Simply copy the license information from the registration letter we send you and start the License Wizard. Like magic, all of the fields are filled in for you! You can even copy the entire letter if you'd like. We'll be adding this feature to VShell and Entunnel(TM) in upcoming releases.


----------------------------
5. Current Releases
----------------------------

All VanDyke products are currently in official release. A complete list of VanDyke Software official releases can be found on our web site:

http://www.vandyke.com/download/latestreleases.html

Listed below are direct download links to the latest official versions of VanDyke Software products:

SecureCRT 4.0 - NEW - Public Key Assistant
http://www.vandyke.com/download/securecrt/download.html
CRT 4.0 - NEW - Wyse 50/60 emulation and file-based configuration
http://www.vandyke.com/download/crt/index.html
SecureFX 2.1 - NEW - Public Key Assistant
http://www.vandyke.com/download/securefx/download.html
VShell 2.1
http://www.vandyke.com/download/vshell/index.html
Entunnel 1.0
http://www.vandyke.com/download/entunnel/index.html
AbsoluteFTP(TM) 2.0.4
http://www.vandyke.com/download/absoluteftp/index.html

All VanDyke Software products may be downloaded and evaluated at no cost for 30 days. Licenses include one year of free upgrades and unlimited access to our expert technical support.


Pass it along! If you find this monthly newsletter helpful and informative, forward it to co-workers or friends, or tell them where to sign up.

http://www.vandyke.com/support/newreleasemailinglist.html


---------------------------------------------------------------------------
6. Recommended Reading - Passwords to Public Keys
---------------------------------------------------------------------------

This month's pick was suggested by Marc Orchant at VanDyke Software.

"Authentication: From Passwords to Public Keys," by Richard E. Smith
Publisher: Addison-Wesley; ISBN: 0201615991; (2002)

Book News, Inc. wrote: "Smith, a computer security professional with 10 years of experience, explains what an organization needs to do to reliably identify its users and tells how various techniques for verifying identity are executed. He describes the range of authentication methods in use, and examines situations in which certain techniques fail and points out ways to strengthen them. He focuses on existing, off-the-shelf solutions to security problems. Information is of interest to network professionals, designers, developers, and administrators." (®Book News, Inc., Portland, OR)

If you'd like to recommend a great book you've recently read, please submit your recommendation by e-mail to newsletters@vandyke.com. If we select your recommendation, we'll send you a gorgeous VanDyke Software T-shirt, so be sure to specify L or XL).


Quote of the Month

"Giving away the keys

...In a recent study by security firm PetaSafe Security Technologies, the company found that four out of five workers would disclose their passwords to someone in the company, if asked.

That's the good news. Another study by the same company found that nearly two-thirds of the workers polled at Victoria Station in London gave the pollster their passwords when asked. Their reward? A cheap pen."

--Robert Lemos, "Psst... I know your password." Special to ZDNet News. May 22, 2002.
http://zdnet.com.com/2100-1105-920092.html


----------------------------------
Subscription Information
----------------------------------

Vandyke Company News is an opt-in mailing list. If you prefer not to receive e-mail like this from us, you can unsubscribe or change your e-mail address at:

http://www.vandyke.com/support/newreleasemailinglist.html

You may also send an e-mail message to:

listserv@listserv.vandyke.com

with the following message in the body of your e-mail:

unsubscribe vandyke-company-news

---

VanDyke Software, AbsoluteFTP, CRT, SecureCRT, SecureFX, Entunnel and VShell are trademarks or registered trademarks of VanDyke Software, Inc. All other products and services mentioned are
trademarks or registered trademarks of their respective companies.


Close Window