Implementation: Remedying problems and implementing solutions
Having decided on the appropriate level of security for your site and identified the security problems at your site, you now have to fix the problems and implement your security policy. This section examines tools and methods that can be used to improve security with passwords, the file system and the network.
Improving password security
There are a number of schemes managers and systems administrators can use to help make passwords more secure, including: user education, shadow passwords, proactive password programs, password generators, password aging, regular password cracking, and one-time passwords.
Users do not want other people breaking into their accounts. If the users of a system are educated in the dangers of using bad passwords, most will choose good passwords. How you perform user education will depend on your users, because different users respond to different methods. System administrators must always remember that it is important not to alienate users.
The Internet creates access for hackers, spies and saboteurs who would like nothing more than to break into your DSS. By connecting to the Internet you open the doors for them. A firewall is designed to shut those doors: it is a collection of hardware and software that forces all incoming and outgoing Internet data to go through one gate. Everything going in and out of that gate, but especially in, is evaluated. If it doesn't fulfill certain criteria, it is shut out.
A firewall has the following four advantages: it protects vulnerable or strategic services, concentrates security on the most important systems, enhances privacy, and provides logging and statistics on network use.
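The gate described above can be sketched as a first-match rule table with a default deny that also keeps a decision log and per-direction counts. This is an added example, not part of the original text; the rule fields, the policy and the sample traffic are constructed for illustration.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    direction: str   # "in" or "out"
    network: str     # remote peer network in CIDR form
    port: int        # destination port; 0 matches any port

# Constructed policy: expose only HTTPS, allow outbound web and DNS, block one range.
RULES = [
    Rule("deny",  "in",  "203.0.113.0/24", 0),
    Rule("allow", "in",  "0.0.0.0/0",      443),
    Rule("allow", "out", "0.0.0.0/0",      443),
    Rule("allow", "out", "0.0.0.0/0",      53),
]

def evaluate(rules, direction, remote_ip, port):
    """Return (action, rule_index); rule_index is None for the default deny."""
    addr = ipaddress.ip_address(remote_ip)
    for i, r in enumerate(rules):
        if (r.direction == direction
                and addr in ipaddress.ip_network(r.network)
                and r.port in (0, port)):
            return r.action, i
    return "deny", None   # nothing matched: shut out

def run_gate(rules, packets):
    """Pass every packet through the one gate; return decision log and statistics."""
    log, stats = [], Counter()
    for direction, remote_ip, port in packets:
        action, idx = evaluate(rules, direction, remote_ip, port)
        log.append((direction, remote_ip, port, action, idx))
        stats[(direction, action)] += 1
    return log, stats

# Constructed sample traffic (documentation address ranges).
PACKETS = [
    ("in",  "198.51.100.7", 443),   # customer reaching the secure server
    ("in",  "198.51.100.7", 23),    # telnet attempt: no rule, default deny
    ("in",  "203.0.113.9",  443),   # blocked range, even on an open port
    ("out", "192.0.2.53",   53),    # inside host doing a DNS lookup
    ("out", "192.0.2.80",   6667),  # outbound IRC: no rule, default deny
]

if __name__ == "__main__":
    print(run_gate(RULES, PACKETS))
```

Rule order matters here: the explicit deny for the blocked range sits ahead of the general HTTPS allow, so it wins on first match.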
Another measure is to have a secure server and use encryption. A Web address (the Uniform Resource Locator) for a secure server is displayed in a web browser’s location field beginning with "https" rather than "http" when one enters a secure area. Most browsers also show either a closed lock or a solid key symbol in the status bar at the bottom of the screen. Companies should have a secure server for DSS applications.