
Book IV, Chapter 1: Network Security Terminology
Introduction to Security Terminology
Strong passwords
It is hard to talk about authentication without also talking about using
strong passwords on systems and devices. A strong password is a password
that is very difficult for hackers to guess or crack because it contains
a mix of uppercase and lowercase characters, a mix of numbers and letters,
and is a minimum of six characters long.
Authorization
After someone is authenticated to a system or device, that person is then
granted or denied access to resources such as files and printers, or given
limited privileges to a device. Authorization is the process of giving a
person permission to access a resource or a device.
Do not confuse authentication and authorization: You must first be
authenticated to the network; then, after authentication, you can access the
resources and perform the tasks that you have been authorized for.
An example of authorization in the networking world is choosing to
authorize a system on the network (meaning we allow it to connect to the
network through a port on the switch) by its MAC address. In high-security
environments, this is very popular, and in the Cisco world, this is known as
port security.
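A minimal Cisco IOS port security configuration for one access port, added here as an illustration and not taken from the book. The interface name and the MAC address are constructed placeholders.

```cisco
! Added example: authorize a single system on a switch port by MAC address.
! FastEthernet0/6 and 0000.1111.2222 are placeholders, not values from the book.
configure terminal
 interface FastEthernet0/6
  ! Port security applies to a static access port, not a dynamic one.
  switchport mode access
  ! Turn the feature on for this port.
  switchport port-security
  ! Allow only one MAC address on the port.
  switchport port-security maximum 1
  ! The one system that is authorized to connect through this port.
  switchport port-security mac-address 0000.1111.2222
  ! Disable the port if any other MAC address sends traffic on it.
  switchport port-security violation shutdown
 end
! Check the port status, the violation count, and the secured addresses.
show port-security interface FastEthernet0/6
show port-security address
```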
Vulnerability
A vulnerability is a weakness in a system or device. The vulnerability is
created accidentally by the manufacturer and is typically the result of a
coding mistake in the software or firmware.
Using strong passwords
A number of years ago, I had a coworker
who was always trying to get me to guess his
passwords. He thought I had some magical
trick or program that was cracking them, but
all I was doing was guessing his passwords. I
remember one time he changed it, and I could
not guess it — until one night when we were
at a social function for work and all he talked
about was the Flyers hockey team. I remember
sitting there thinking, “I bet that is his
password.” Sure enough, the next day at work,
I tried flyers as his password, and it worked.
Now the lesson here is that he should have
at least mixed the case of the word flyers to
make something like flYeRs, or even better,
thrown a symbol in there by replacing the s
with a $. I would have had a much harder time
trying to guess his password if he had used
flYeR$ instead. This is an example of a strong
password.