Upgrading and Repairing Networks

Computers and Privacy

When computers were standalone systems that were easily controlled by a central administrative group, keeping data out of the hands of those who didn't need to see it was already difficult. Usernames and passwords were designed to restrict individual users and their actions, as well as track the actions they performed. File and resource protections enforced by operating systems made it simple to keep most prying eyes out of sensitive files, but where there's a will, there's usually a way, and even operating system resource-protection techniques have their vulnerabilities.

For example, many passwords are either easy to guess or easy to obtain. If you don't enforce a strict security policy in your network, often users will use passwords that are so simple it makes a joke out of using passwords at all. Passwords such as the name of the local football team, a spouse, a child, or even a pet are often used because they're easy to remember. It is a good idea to create passwords using both uppercase and lowercase letters and alphabetic and numeric characters. These techniques can go a long way toward preventing a hacker from using a simple dictionary attack against your network. This kind of attack simply involves using a program that cycles through all the words in a dictionary to see whether any match up to your password. Hackers don't use just any dictionary, but instead can find huge lists of possible passwords (names, city names, baseball teams, and others we've just mentioned) to use. Another type of dictionary attack can be performed on Unix systems if the hacker steals the password file. Because the encryption scheme is known for most Unix systems, the program can simply encrypt every word found in a dictionary and compare it to the encrypted version in the simple /etc/passwd file!

When you consider the environment today, with large-scale networks and connections to the Internet, the security issues become even more complex and difficult to manage using simple schemes, such as username/password authentication. Encrypting the actual data files themselves, especially when they are to be transferred across an untrusted network link, can solve a large part of this problem.

Encryption techniques should be seriously considered in an environment in which security is considered an important part of the network and not assumed to be taken care of by the standard username/password mechanism.