
Choose the right weapon.


Concerned about unauthorized access to internal resources that include a campus-wide E-mail network, Microsoft, Redmond, Wash., installed Crystal Point's Line-Lock. The PC-based access management system lets Greg Post, manager in planning and operations for Corporate Systems, breathe easier.

It also could save the company $1500 per modem after a late 1989 upgrade from 2400-baud to V.32 speed.

"We have less modems, doing more work," says Post. Before buying its two units, which consist of a basic PC and software (at $4000 per license), Microsoft had 32 Codex 2238 rack-mounts dedicated to inbound E-mail only.

Linelock let the same 32 modems share inbound and outbound traffic. Since then Microsoft has expanded to 48 modems.

When a user calls in for a modem, Linelock asks for his ID, password, and what resource he wants to connect to. If it gets acceptable answers it connects him to an E-mail host, for example, over a campus-wide Ethernet running at 10 Mb/s. Linelock also records log-in and log-out times, and what device the user accessed.

"With Linelock," Post says, "you don't need modems on each host you're accessing." It handles outbound traffic similarly.

Bigger savings will accrue when Microsoft upgrades to V.32 early this year, and off-campus dial-up users communicate at 9.6 kb/s. "The savings could be quite substantial--$1500 per modem."

About 200 modems are in use, though not all will require the upgrade.

"I'm looking for an advanced product that solves my communications problems with dial-ups. One of which is: I want to know the performance of each individual line."

The Telebit rack-mount with a smart interface might be the answer, Post says. It would let all operating-line characteristics be retrieved on the modem itself.

Post hopes eventually to eliminate all departmental dial-up modems. "It's fairly easy to leave a modem in the wrong state and provide backdoor access." A modem left in auto-answer does no harm if its terminal is off. "But if you leave it on so you can access it, there's no reason someone else couldn't."

Beyond Passwords

Users who cannot eliminate dial-up modems may select from a growing array of access watchdogs.

LeeMah's Secure Access Unit, for example, uses patented callback technology to turn the tables on would-be hackers. Rather than relying on typical password access, the SAU disconnects from callers, then dials them back at their authorized numbers.

The user's InfoKey resides on dial-up lines between a modem and a Traqnet base. To gain access one enters his modem-dialing sequence, then a five- to 15-character numeric code when signaled by Traqnet. If Traqnet recognizes the user, it activates InfoKey, cutting modems right out of the picture. After InfoKey and Traqnet exchange info, Traqnet re-establishes modem links.

More and more private and public data network users will recognize the need for safer-than-password security in coming years, predicts BT Tymnet's Director of Data Security Wayne Bartlett.

Most private LANs, he says, have no security precautions at all. Companies set up departmental or geographically isolated LANs and assume only authorized (in-house) users will gain access. Over half of all security losses, however, come from your own people, whether by omission or commission.

Many network managers concern themselves with security only when they need to connect other locations or link their LAN to someone else's. (Secure gateway products fill this need.)

Banks and other heavy users of confidential data, however, may find passwords much too risky.

Most users pick simple passwords and rarely change them, leaving their networks vulnerable, Bartlett says.

Leading-edge data users are picking up on "token" technologies to make sure a given password can be used no more than once. This method relies on a second secret handshake after password exchange.

"Just because you can get into a car doesn't mean you get the right to drive it," Bartlett says.

Here's how a token-access system works: (1) A user keys in his password to the host. (2) The host accepts the password and returns a random number sequence based on the same encryption algorithm as the password. This is called a "challenge." Use of random numbers makes sure the second token may be used only once. (3) The user must then decrypt the challenge, usually on a hand-held calculator with the algorithm embedded in it, and send it back to the host. If the decrypted number sequence properly answers the host's challenge, access is granted.
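The three steps above, sketched as an added example that is not taken from the article or from any vendor named in it. The per-user seed, the `Host` class and the use of HMAC-SHA256 in place of the token's embedded algorithm are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def token_response(seed: bytes, challenge: str) -> str:
    """What the hand-held token computes: a keyed transform of the challenge.
    HMAC-SHA256 cut to 8 digits is an assumption, not a vendor algorithm."""
    digest = hmac.new(seed, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"


class Host:  # hypothetical host-side logic
    def __init__(self):
        self.users = {}    # user -> (salt, password hash, token seed)
        self.pending = {}  # user -> the one outstanding challenge

    def enroll(self, user: str, password: str) -> bytes:
        salt, seed = secrets.token_bytes(16), secrets.token_bytes(32)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.users[user] = (salt, pw_hash, seed)
        return seed  # loaded into the user's token when it is issued

    def login(self, user: str, password: str):
        """Steps 1-2: check the password, then issue a fresh random challenge."""
        record = self.users.get(user)
        if record is None:
            return None
        salt, pw_hash, _ = record
        attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(attempt, pw_hash):
            return None
        challenge = f"{secrets.randbelow(10**8):08d}"
        self.pending[user] = challenge  # replaces any earlier challenge
        return challenge

    def verify(self, user: str, response: str) -> bool:
        """Step 3: the challenge is consumed on first use, right or wrong."""
        challenge = self.pending.pop(user, None)
        if challenge is None:
            return False  # no login in progress, or a replayed response
        expected = token_response(self.users[user][2], challenge)
        return hmac.compare_digest(expected, response)
```

Because `verify` removes the challenge before comparing, a response captured on the line is useless on a second attempt, which is the single-use property the article attributes to the random challenge.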

One such system is Safeword Software from Enigma Logics, Concord, Calif. A logic key or "seed" embedded in a tamper-proof, credit-card-sized device gives users easy access while keeping out unauthorized parties.

A similar product, Rainbow Technologies' DataSentry II, offers two-tiered protection for under $200. It uses a Personal Access Key and software to encrypt data files on PCs and laptops and secure data for modem use.

Further out on the horizon loom dual-key encryption schemes. They use key pairs called "digital signatures," which fit together like a left and right shoe. One half of the key encrypts and the other decrypts, allowing a user to keep a "private" key different from the "public" one he gives out to others on the network.

Such schemes are a great idea, Bartlett says, but it will be a while before they're economically feasible.

With so many economical options available right now, it's inexcusable to expose priceless business information to risk.
COPYRIGHT 1990 Nelson Publishing
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1990 Gale, Cengage Learning. All rights reserved.

Article Details
Title Annotation:data security systems
Author:Jesitus, John
Publication:Communications News
Date:Jan 1, 1990
Words:892