Close Window


A Monthly Newsletter – May 2009

The lead story this month is our sixth annual "What Keeps Network Administrators Up at Night" survey of issues and concerns among IT security professionals. Given the global economic climate, you won't be surprised to read that IT budgets are equal in concern with more technical aspects of security. New VShell® server and SecureFX® versions in development are available for early testing and feedback. The "Scripting Essentials" project from VanDyke Software Support continues to unfold with a key chapter on reading remote data. Finally, Federal security standards for "critical network infrastructure" may be in your future, including professional certification, if proposed legislation passes the U.S. Congress.


1. Sixth Annual Security Survey Shows IT Security Budgets Drop
2. Call for Testers: Session Tabs for SecureFX
3. Call for Testers: W3C Logging Now on VShell for UNIX
4. Available Now: Scripting Essentials Ch. 4 – Reading Remote Data
5. Security News: New Senate Bill Proposes Security Standards
6. New and Current Releases

Online Resources

1. Sixth Annual Security Survey Shows IT Security Budgets Drop

VanDyke Software's sixth annual "What Keeps Network Administrators Up at Night" security survey of enterprise network and systems administrators reveals a shift in corporate IT security budgets since 2008. Further, declining budgets seem to be having a direct effect on admins' perception of security.

According to the survey results, in just a year's time enterprise network and systems administrators have seen their IT security budget worlds turned upside down. A core finding in this area is that in the face of IT budget cuts at 41% of their organizations, just over 46% of respondents felt their funding was insufficient to meet information security needs. This is an increase of roughly 10 percentage points since 2008, when 36% felt their security budgets were insufficient.

The study also revealed that the perception of insufficient security budgets in IT organizations correlated with a lack of perceived security in certain key areas. In the group that did not believe they possessed adequate funding, only 39% were satisfied with laptop security. This contrasted sharply with the group reporting sufficient budgets, where 76% were satisfied with laptop security.

If there is a silver lining to this trend in IT budgets, it is that, so far, concerns about many areas of security such as virus attacks have not increased. In fact, in areas such as security breaches the level of concern has declined since 2008. That said, those with insufficient budget were more likely to have a worry that "keeps them up at night."

The survey of 320 enterprise network and systems administrators was published May 14, 2009 and conducted by Amplitude Research. Since 2004, the survey has asked administrators how satisfied they were with a variety of security-related areas, and whether they are able to "sleep like a baby" in the face of concerns with issues from their end users to virus attacks and funding.

Results of the survey were discussed in articles published by and SC Magazine US online.

Interested readers may learn more about these and other results by going to the press release on the VanDyke Software website.

Or, if you would like an executive summary of the survey findings, contact Jill Christian at .

2. Call for Testers: Session Tabs for SecureFX

Available this month for preview and feedback is a tabbed session interface for SecureFX. Similar to the session tabs in SecureCRT, it allows sessions to be grouped in tabs for easy access, as an alternative to tiling or cascading session windows.

If you would like to test and provide feedback on the SecureFX tabbed interface, send e-mail to .

Call for Testers: W3C Logging Now on VShell for UNIX

Also available this month for preview and feedback is W3C logging for the VShell server for UNIX. The benefit is the ability to use third-party log analysis tools to track user connections, file access and other details.

W3C logging in VShell for UNIX is the same capability offered in VShell for Windows. On UNIX systems, W3C logging requires enabling file-based logging with the LogFolder option in vshelld_config.

If you would like to provide feedback on W3C logging in the VShell for UNIX server, send e-mail to

For more information on W3C logging, read the newsletter tip "Using Sawmill to Analyze VShell Server W3C Log Files".

4. Available Now: Scripting Essentials Ch. 4 -- Reading Remote Data

Whether it's a database server down the hall or a web server across the continent, few topics are more fundamental to automation than the remote connection. The latest chapter of the Scripting Essentials manual covers how to open and close preconfigured and ad hoc connections in SecureCRT(R), create multiple tab connections, handle connection failures, and close connections.

Chapter four details techniques that relate to waiting for specific data from a remote machine and capturing it when it arrives. Among the many topics are:

  • Making sure the remote is ready for commands
  • Reading data from the terminal screen
  • Using WaitForString()
  • Handling escape codes
  • Using the Screen object
  • ReadString() and streamed data
  • Parsing information from data with Split() and VBScript regular expressions

Also included are two examples with full source code: performing a web search with selected text, and receiving notification when "error-indicating" text appears.

To download a PDF copy of the scripting manual, visit the Scripting Essentials page in our Support section.

5. Security News: New Senate Bill Proposes Security Standards

SANS NewsBites reported in April on a new U.S. Senate bill that would establish mandatory computer security standards and professional certifications. The bill also places a National Cybersecurity Advisor on the White House staff, with authority to cut off public or private computer networks under attack, if they are part of the country's critical network infrastructure.

Of perhaps greater interest to U.S. network and security staff is the provision for mandatory security standards set by NIST, as well as certification and licensing for security professionals.

The NewsBites editor's comment was that "Like it or not, mandatory security standards are inevitable in the U.S." Given that likelihood, it makes sense for network and security professionals to keep track of this legislation.

To read the complete article in SANS NewsBites, including links to articles in the Washington Post, Federal Computer Week, and, visit this page:

6. New and Current Releases

The SecureCRT 6.2 official release makes it fast and easy to change multiple session settings. Changes include:

  • Edit multiple session settings like passwords at the same time
  • Option to remember, connect to sessions from your last use
  • Rotate log files nightly option
  • Manage keys in Activator with Agent support (also SecureFX)
  • PKCS #11 support simplifies smart-card authentication (also in SecureFX)

SecureFX 6.2 official adds site synchronization filters to fine-tune transfer results. This list of new capabilities includes:

  • Site synchronization filters to include or exclude files like .svn or JPEG, with wildcards
  • As in SecureCRT, edit multiple session settings like passwords at the same time
  • Option to remember, connect to sessions from your last use
  • Mutual FTP authentication allows self-signed certificates
  • Limit local FTP port range for restrictive firewalls

VShell 3.5 offers a module for FTP over SSL (FTPS) support. The latest server version also has:

  • FTP file transfer with all data protected by SSL/TLS-based encryption
  • W3C extended log file format, other logging enhancements
  • Control panel makeover
  • Internal user database to configure VShell-specific users
  • Disconnect active sessions using "who" utility
  • RunAs commands for admin-controlled remote command execution as a different user

Here is a list of the latest official product releases:

  SecureCRT 6.2.1
  SecureFX 6.2.1
  CRT™ 6.1.4
  VanDyke ClientPack 6.2
  VShell 3.5.3 Server for Windows
  VShell 3.5.3 Server for UNIX
     Red Hat Enterprise Linux 5.0
     Red Hat Enterprise Linux 4.0
     Solaris 10 (SPARC)
     Solaris 8 (SPARC)
     FreeBSD 7.0 (Intel x86)
     FreeBSD 6.1 (Intel x86)
     HP-UX 11
     Mac OS X 10.5 (Intel x86)
     Mac OS X 10.2
     AIX 5.3

All VanDyke Software products may be downloaded and evaluated free for 30 days. Licenses include one year of free upgrades and access to our expert technical support. Licenses for three years of upgrades and support are also available.

Pass it along! If you find this monthly newsletter helpful and informative, forward it to co-workers or friends, or tell them where to sign up.


RSS Feeds Now Available

Links to VanDyke Software pages with RSS feeds:

Subscription Information

You received this e-mail because you subscribed to VanDyke Software News when you visited our website or downloaded a VanDyke Software product. Click here to unsubscribe or change your e-mail address.

Don't miss out on important product news. If your ISP or e-mail client filters incoming e-mail, please add the domain to your list of approved senders to make sure you receive the newsletters and product announcements to which you've subscribed.

IT professionals who are responsible for network administration and end user access where security is critical rely on VanDyke Software's rock solid and easy to configure software. VanDyke Software consistently delivers accurate, responsive support, and addresses our customers' evolving needs with timely product enhancements.

Mailing Address

  VanDyke Software, Inc.
  4848 Tramway Ridge Drive, NE
  Suite 101
  Albuquerque, NM 87111 USA

Do you have questions, comments, or ideas? E-mail or use one of our web forms.


VanDyke Software, CRT, SecureCRT, SecureFX, and VShell are trademarks or registered trademarks of VanDyke Software, Inc.

All other products and services mentioned are trademarks or registered trademarks of their respective companies.

Close Window