Building blocks to security: Passwords -- the first line of defense

By , Unix Insider |  Operating Systems

One of the technologies which promises to change the landscape with respect to passwords is called single sign-on (SSO). SSO systems allow a user to log in once. Subsequent to this initial login, all additional connections are carried out through the client software. The software negotiates connections to other systems on the user's behalf. In other words, the passwords to other systems are managed by the software, not the user. The user can, therefore, access many systems and services without having to remember multiple passwords or set all passwords the same. On the other hand, a compromise of an SSO system in which an unauthorized person learns the single password that the user needs for initial login leaves all of the systems vulnerable, just as if the same passwords had been used for all of the systems. SSO systems that add some other credential to the login process (e.g., a SecurID or a smart card that the user must have on his or her person when logging in) go a long way toward avoiding this vulnerability. One such SSO system is Tivoli's Global Sign-On (see Resources for a link.). Passwords for other systems are stored in a local database in encrypted form, which is what is passed over the network.

Another good strategy, readily available and inexpensive, is to use ssh. (See Resources for an article link.)rlogin, scp, and rsh) used by some Unix users for many years. Free client software is available from a number of sources -- PuTTY and the TeraTerm Pro SSH module are free clients available for Windows users. (See Resources for links.)

Systems management

Unix systems can be managed in such a way as to reduce the risk that bad or otherwise vulnerable passwords introduce. If your password software can be configured to enforce restrictions on passwords (e.g., disallowing permutations on the username, requiring a certain number of characters, or requiring some nonalphabetic character), make sure that these restrictions are enforced. These restrictions go a long way toward forcing users to select passwords which are considerably better than average.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Operating SystemsWhite Papers & Webcasts

Webcast On Demand

The Challenges of OS Migration

Sponsor: Dell

White Paper

8 Questions You Should Ask About Linux Systems Management

White Paper

Confronting the Barriers to Software Development Excellence

See more White Papers | Webcasts

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

How do you respond to a job interviewer that asks to see your social media activity?
3 answers
What is the best audio format for websites?
2 answers
How much better is VP9 than VP8?
2 answers
More questions
Ask a Question