Close Window
 

NEWS YOU CAN USE FROM VANDYKE SOFTWARE®

A Monthly Newsletter – October 2005

This month's issue focuses on authentication to mark the delivery of X.509 certificate authentication for UNIX in the beta 1 release of VShell® server version 2.5. This release means that X.509 certificate authentication is now supported across the entire secure product line. First, we point to several online resources to help you evaluate whether your authentication is adequate. Then, as counterpoint, we bring in some heretical views on passwords to shake the tree a bit. This month we also introduce a new section for everyday users, called "Did You Know?", to cover quick productivity hints that any user can take advantage of.

-------------
Contents
-------------

1. Beyond The Password: Time To Improve Your Authentication?
2. Writing Down Passwords: Heresy Or Healthy Habit?
3. VShell Server 2.5 In Beta – Now With X.509!
4. Join The New VShell 2.5 Beta Forum
5. Tip: Launching SecureCRT® 5.0 With Multiple Session Tabs
6. Did You Know? Text Selection In Command Windows
7. Vote In The SC Magazine Awards
8. New and Current Releases

-------------------------
Online Resources
-------------------------

-----------------------------------------------------------------------------------------
1. Beyond The Password: Time To Improve Your Authentication?
-----------------------------------------------------------------------------------------

Maybe it's been too long since you had a chance to review what's happening in authentication security. Or you might be faced with enhancing your current authentication scheme. Perhaps you're just jumping for joy at the inclusion of X.509 certificate authentication capabilities in the VShell 2.5 servers for UNIX, so you can standardize authentication across your organization. Whatever your perspective, we hope you find some valuable nuggets in our review of recent online articles on authentication.

"Beyond Passwords: Stronger Authentication", Lisa Phifer
In "Beyond Passwords", Lisa Phifer, a Core Competence V.P. and consultant on computer and network security, looks at how bad guys defeat garden-variety text passwords. She concludes that "password authentication provides a weak foundation for authorization and access control". Though many companies consider passwords to be cheap security, there is a hidden cost: Phifer cites studies showing that password resets represent 30 percent of all help desk calls.

Phifer then lists and evaluates the current alternatives from tokens to smart cards to biometric identification. Stronger credentials do cost more and may involve complex new systems. The holy grail, she says, is a system like tokens or biometrics that is "virtually immune to social engineering and password crackers". She explains two-factor authentication methods such as tokens with PIN numbers, where possession of both is required to successfully log on to a system. Finally, Phifer points out ways to increase authentication security without large capital expenses for new technology.

"More on Two-Factor Authentication", Bruce Schneier
Does your life seem simple and uncomplicated? Then you must not have read Bruce Schneier's "Crypto-Gram" newsletter lately. Schneier is a master "complexifier", who says in an April article, "It is no longer reasonable to expect users to have passwords that can't be guessed. For anything that requires reasonable security, the era of passwords is over". Then he points out that handing out token cards and PIN numbers won't prevent identity theft or bank fraud; criminals just switch tactics. So he reminds you to be sure that your security problem is authentication before you spend time and money "fixing" it.

"Understanding Your Authentication Options", SearchSecurity.com
If you want an overview of a broad range of authentication-related topics, SearchSecurity.com published a comprehensive online Learning Guide in September 2005.

-------------------------------------------------------------------------
2. Writing Down Passwords: Heresy Or Healthy Habit?
-------------------------------------------------------------------------

SC Magazine reported in March 2005 that a study of 67,000 people conducted by information security provider SafeNet in the US and Europe found that 50 percent of them wrote down their passwords. But is this necessarily bad? Here is a different perspective on this widely excoriated practice.

Microsoft security policy manager Jesper Johansson argues that if you prohibit users from writing down passwords, all you get are bad passwords that are easily broken. At a May 2005 meeting of Australia's CERT group, he advocated choosing excellent passwords, writing them down, and protecting the password list. That would allow users to vary their passwords more and thereby increase network security.

Read the entire Johansen article on CNET News.

------------------------------------------------------------
3. VShell Server 2.5 In Beta - Now With X.509!
------------------------------------------------------------

The initial beta release of the VShell server version 2.5 is now available for download and trial. VShell 2.5 adds support for X.509 certificate authentication to UNIX platforms. All VanDyke Software secure products now support this important technology, which allows large organizations to comply with PKI policies aimed at protecting critical information and thwarting identity theft.

As the costs of identity theft and electronic fraud continue to escalate, companies look to improve their user authentication policies. The X.509 standard is a well-established method of replacing vulnerable password logins. VShell 2.5 is simple to install and implement, so you can quickly deploy and realize business value. VShell's strong encryption, trusted authentication, and data integrity allow you to securely share electronic transactions inside your organization as well with contractors and customers. Fine-tuned configuration options allow you to administer your company's security policies to protect sensitive data from unauthorized access.

VShell 2.5 also adds support for IPv6. IPv6 has been around for several years, but many companies are just beginning to establish timetables to implement it. The US government recently established June 2008 as its deadline for switching to IPv6, while European and Asian countries are also moving toward the new standard. There may finally be critical mass for updating this major building block of networking.

To download VShell Server 2.5 or to read more about the release, please visit the VShell beta web pages.

----------------------------------------------------
4. Join The New VShell 2.5 Beta Forum
----------------------------------------------------

VShell 2.5 beta 1 has arrived along with a new forum for discussing the beta releases. In the beta forum you can discuss the capabilities you need in VShell, report bugs, and request refinements. With VanDyke Software staff tracking the forums closely, the VShell beta forum is the quickest way to keep up to date on the beta cycle.

Visit the VShell beta forum today. Registration is not required to read messages, but you will need to register in order to post in the forums or vote in polls.

-------------------------------------------------------------------------------------
5. Tip: Launching SecureCRT(R) 5.0 With Multiple Session Tabs
-------------------------------------------------------------------------------------

We ran this tip back in April, but since many users have benefited from the ability to open multiple session tabs using the /S command we thought we'd mention it again.

If you often need to open two or more sessions on startup, you can set up a shortcut to SecureCRT to do this for you, tabs and all.

The /S command-line switch is the key to opening multiple tabbed sessions.

The syntax looks like this:

  securecrt.exe /S "session1" /S "session2" /S "session3"

In the above example, "session1", "session2", etc. are session names in your session list. If the sessions are configured to open inside a tab, then this would allow you to open multiple sessions in tabs by clicking on a single shortcut.

----------------------------------------------------------------------------
6. Did You Know? Text Selection In Command Windows
----------------------------------------------------------------------------

Forum member "aao" wanted to know if there is a way to configure the "click and drag" functionality to select a rectangular block of text rather than the typical Windows word-by-word selection. This method eliminates quoting characters in e-mail, and omits line numbers when copying scripts or code.

To select columns or a block of text, hold down the ALT key while using the mouse to outline the text area. Then copy to the Clipboard using the Edit/Copy menu item or the keystroke accelerators CTRL+INSERT (copy) and CTRL+SHIFT+INSERT (paste).

Or try using the "Copy on select" feature to copy text to the Clipboard as soon as it's selected:

http://www.vandyke.com/go.php?id=nl101305j
http://www.vandyke.com/support/tips/copyonselect.html

You can get more information on this topic in the SecureCRT Help file under "Copy & Paste".

-------------------------------------------------
7. Vote In The SC Magazine Awards
-------------------------------------------------

SecureCRT and VShell have been nominated for the 2006 SC Magazine awards. The top five products that get the most votes will become finalists in this yearly industry award. Voting closes Friday, October 28, so visit the www.scawards.com today.

To vote for SecureCRT or VShell, go directly to their nomination categories below.

SecureCRT – Best Endpoint Security Solution

VShell – Best Policy Management

----------------------------------------
8. New and Current Releases
----------------------------------------

VShell 2.5 beta 1 was released October 6, 2005. This version provides strong X.509 certificate authentication on UNIX platforms, support for the IPv6 protocol, and improved triggers. A maintenance release for VShell 2.3.7 official was made on October 13, 2005.

Here is a list of the latest official product releases:

  SecureCRT 5.0.3
  SecureFX® 3.0.3
  Entunnel™ 1.1.2
  CRT™ 5.0.3
  AbsoluteFTP® 2.2.10
  VShell 2.3.7 Server for Windows
  VShell 2.3.7 Server for UNIX
    Red Hat Linux 7.x
    Red Hat Linux 8.x
    Red Hat Linux 9.x
    Red Hat Enterprise v2.1/v3
    Solaris 8 (SPARC)
    FreeBSD 4.8/5.3/5.4
    HP-UX 11
    Mac OS X 10.2
    AIX 4.3/5.2/5.3

All VanDyke Software products may be downloaded and evaluated free for 30 days. Licenses include one year of free upgrades and technical support.


Pass it along! If you find this monthly newsletter helpful and informative, forward it to co-workers or friends, or tell them where to sign up.

     http://www.vandyke.com/support/newsletter.html

RSS Feeds Now Available
-----------------------------------

Links to VanDyke Software pages with RSS feeds:

Subscription Information
----------------------------------

You received this e-mail because you subscribed to VanDyke Software News when you visited our web site or downloaded a VanDyke Software product. Click here to unsubscribe or change your e-mail address.

Don't miss out on important product news. If your ISP or e-mail client filters incoming e-mail, please add the domain @vandyke.com to your list of approved senders to make sure you receive the newsletters and product announcements to which you've subscribed.


Mailing Address
----------------------

  VanDyke Software, Inc.
  4848 Tramway Ridge Drive, NE
  Suite 101
  Albuquerque, NM 87111 USA

Got questions, comments, or ideas? E-mail or use the web forms by clicking on "Got a question or comment?" on any page on our web site, as you'll see on our What's New page.

---

VanDyke Software, AbsoluteFTP, CRT, Entunnel, SecureCRT, SecureFX, and VShell are trademarks or registered trademarks of VanDyke Software, Inc.

All other products and services mentioned are trademarks or registered trademarks of their respective companies.

Close Window