
NEWS YOU CAN USE FROM VANDYKE SOFTWARE®

A Monthly Newsletter – October 2007

Sometimes the scope of the News is broad, other times we focus intently on details of configuration and implementation. This month we do both, with a kind of security smorgasbord for you. First, a web tip shows how to use the subconfiguration capability, new in the VShell® server, to apply different authentication settings to particular users, groups, or networks. Keeping track of trends, we give you results from September's quick survey on your plans to adopt Windows Vista (or not). Then, a forum post on troubleshooting SecureCRT® authentication, and finally two interesting external perspectives on how to test readiness for social engineering and how to improve overall internet health by securing home user systems.

-------------
Contents
-------------

1. Tip: VShell Subconfiguration For More Flexible Authentication
2. Windows Vista Survey Results - Customers Remain Dubious
3. Snapshot: Windows Vista Recent Events
4. Heard on the Forums: Troubleshooting Failed Login
5. Security News: Test Your Readiness For Social Engineering
6. Opinion: Are Home Users A "Public Health Problem?"
7. New and Current Releases

---------------------------------------------------------------------------------------
1. Tip: VShell Subconfiguration For More Flexible Authentication
---------------------------------------------------------------------------------------

Normally, authentication is defined in VShell on a global level. But global configuration settings do not always meet the needs of an entire complex organization. Subconfiguration, new in VShell server version 3.0, allows network administrators to add another level of control by defining different settings for particular users, groups, or locations (networks). This tip applies subconfiguration specifically to customizing authentication settings.

Two examples of expanded options with subconfiguration are provided. The first is per user or per group: where either password or public-key authentication is generally allowed, now an Administrator group is required to use both password and public-key authentication. The second is on a location or per-network basis, so that users connecting from an internal network can authenticate using either password or public key, while users connecting from an external network are required to authenticate using both password and public key.

Subconfiguration applies to both Windows and UNIX VShell servers, though the formats are different. More settings controlled by subconfiguration may be added based on your input, so if you would like to request new controls, send e-mail to VanDyke Software Support.

Click here to read the complete tip on subconfiguration.

--------------------------------------------------------------------------------------
2. Windows Vista Survey Results - Customers Remain Dubious
--------------------------------------------------------------------------------------

Six months after the official release of Microsoft Windows Vista and on the heels of the announcement of Service Pack 1 (SP1), VanDyke Software customers remain highly skeptical of the value of Windows Vista. Based on recent responses to a survey we ran in the September newsletter, 57% had no current plans to deploy Vista. The laconic comment of one respondent, "Plan to avoid Vista as long as possible", expresses a common attitude.

Of course, the survey respondents expressed a wide range of views on Vista deployment. With 32% of respondents having completed internal testing, 22% planned to deploy Vista after testing was complete, and another 8% said they would use it after SP1 was released. However, 42% had not even begun testing on Vista.

Of those who planned to deploy Vista, the greatest number cited usability improvements as the reason, though 31% chose "other" rather than the choices of improved security, usability, or better account management. Customers' "other" reasons were an inability to buy computers without Vista, the need to upgrade to stay on a supported platform, and Vista's design for 64-bit processors.

Why are customers not planning to upgrade to Vista? Forty-one percent thought there were no features worth upgrading to. In comments, some cited a lack of support for specific business applications, or stiff hardware requirements that for one company would require "almost 100% replacement of existing PCs". Further supporting the foot-dragging statistics, several comments asserted that skipping Vista entirely was a viable option, whether by staying with XP Pro, waiting for the next release, switching to Mac OS, or expanding use of Linux. Finally, imagine reading this comment during the XP launch: "We'll more likely switch to 100% Mac OS than deploy Vista enterprise-wide." My, how times have changed.

----------------------------------------------------------
3. Snapshot: Windows Vista Recent Events
----------------------------------------------------------

In case the just-mentioned survey made you curious about the current pros and cons of Windows Vista, here are some recent developments, along with a few sources in case you want to look further.

    • Yes, the Vista SP1 beta was released in late September to a limited group of testers.
    • As companies avoid upgrading to Vista, Windows XP will continue to be available from stores and PC manufacturers.
    • And if you have Vista Business or Ultimate and hate it, Microsoft will let you beat a strategic retreat to XP Pro.

Catch up to the above-mentioned Windows Vista news stories and more at these news sources:

--------------------------------------------------------------------------
4. Heard on the Forums: Troubleshooting Failed Login
--------------------------------------------------------------------------

Forum user rpm presented the following problem not long ago. After changing a user password on an LDAP system, access was denied when logging onto that account with SecureCRT, but not with another client. Teresa from VanDyke Software Support keyed in on the essential difference: the initial authentication method. SecureCRT was set to try password authentication first, whereas the other client tried keyboard interactive first. By promoting keyboard interactive to the top of the Authentication list in the SSH2 sub-category on the Session Options page, rpm logged on successfully.

For this and other problem-solving ideas, visit the VanDyke forum site.

------------------------------------------------------------------------------------
5. Security News: Test Your Readiness For Social Engineering
------------------------------------------------------------------------------------

Every so often the business of computer security intersects with a grittier world that reminds you more of a novel by Le Carre or Ludlum than it does air-conditioned server farms, white-board-covered conference room walls, the CFO's corner office, or the bottomless bowl of snacks in the break room. That's because there are people out there who want to help themselves to your company's goodies, whether they come in via the wireless network or the front door.

An October InfoWorld piece by Andrew Brandt, "How to think like an online con man", is thought-provoking even if you're not a security consultant hired to run a white hat social engineering hack on a major corporate client. Brandt explores how to find your organization's weak spots through the ideas of Ira Winkler, author of "Zen and the Art of Information Security", and an expert on social engineering. Can your security practices and employee training handle a clever ploy to request a replacement laptop or reset an admin password?

The spy vs. spy dimension is capped off with a glad-it-wasn't-me story about Winkler's attempt to get into a London office, not knowing that the building also housed the MI5 intelligence service. Suffice it to say this did not end well for Winkler.

To read the complete article, visit the InfoWorld web site.

----------------------------------------------------------------------------
6. Opinion: Are Home Users A "Public Health Problem?"
----------------------------------------------------------------------------

Many of us have opinions about how to alleviate one security issue or another, but not everyone is brave or feckless enough to take on the problems of the entire home computing segment. In his Crypto-Gram newsletter this month, Bruce Schneier tackles the gigantic question of what to do about home user security. What struck us most was that he wasn't interested in the usual home user bashing. Schneier says, "We wonder why home users have such problems with their buggy systems, why they can't seem to do even the simplest administrative tasks, and why their computers aren't secure." For his answer, he recalls as still true Walt Mossberg's 1991 assertion, "Personal computers are just too hard to use, and it isn't your fault."

Schneier continues, "It's unrealistic to expect home users to be responsible for their own security....they're not going to learn. The only possible way to solve this problem is to force the ISPs to become IT departments. There's no reason why they can't provide home users with the same level of support my IT department provides me with."

While it's not clear that this will happen, some ISPs are responding, for example with virus protection. It's hard to argue that the internet wouldn't be a much safer place with millions of home machines better protected.

To read the complete article or to subscribe to the Crypto-Gram, visit Bruce Schneier's web site.

----------------------------------------
7. New And Current Releases
----------------------------------------

Here is a list of the latest official product releases:

  SecureCRT 5.5.2
  SecureFX 4.5.2
  CRT 5.5.2
  VShell 3.0.1 Server for Windows
  VShell 3.0.1 Server for UNIX
     Red Hat Enterprise Linux 4.0
     Solaris 10 (SPARC)
     Solaris 8 (SPARC)
     FreeBSD 6.1 (Intel x86)
     HP-UX 11
     Mac OS X 10.2
     AIX 5.3

All VanDyke Software products may be downloaded and evaluated free for 30 days. Licenses include one year of free upgrades and access to our expert technical support.


Pass it along! If you find this monthly newsletter helpful and informative, forward it to co-workers or friends, or tell them where to sign up.

     https://secure.vandyke.com/cgi-bin/subscribe.php



IT professionals who are responsible for network administration and end user access where security is critical rely on VanDyke Software's rock solid and easy to configure software. VanDyke Software consistently delivers accurate, responsive support, and addresses our customers' evolving needs with timely product enhancements.


Mailing Address
----------------------

  VanDyke Software, Inc.
  4848 Tramway Ridge Drive, NE
  Suite 101
  Albuquerque, NM 87111 USA

Got questions, comments, or ideas? E-mail or use one of our web forms.

---

VanDyke Software, CRT, SecureCRT, SecureFX, and VShell are trademarks or registered trademarks of VanDyke Software, Inc.

All other products and services mentioned are trademarks or registered trademarks of their respective companies.
