Posted by Aggro on 11/19/96 11:46
veg_all@yahoo.com wrote:
> What more can someone do beyond basic passwords to keep unwanted users
> out?
Here are some examples. Not very practical, but sometimes they might even
be required.
- Using strong passwords or forcing users to use strong passwords. It
would also be possible to require two persons to log in at the same time,
before data is revealed.
- Data should be kept in encrypted form instead of plain text, and the
algorithm used should be strong enough to hold the privacy, even if the
algorithm itself is known. To prevent data leaking if someone steals the
hard drive or happens to gain access to the server itself.
- Access to the data can be restricted. Usually it is not required that
everyone can access everyone's data every day. To prevent attacks
from inside and to prevent someone from stealing the whole database in a
single, fast attack.
- Logging can be used to save records of possible abuses or abuse attempts.
- There should be no access to the data via public networks, directly or
indirectly, as that would give potentially anyone access to the computer.
- There should be no public access to the computer that holds the data,
or is connected to the computer that holds the data. Same thing as with
the Internet, except on a smaller scale.
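Added example, not part of the original post: a minimal sketch of the two-person login combined with per-record access restriction and logging of attempts, as listed in the reply above. The class and method names are hypothetical, and the in-memory dict stands in for the encrypted data store.

```python
import hashlib
import hmac
import logging
import os

audit = logging.getLogger("audit")  # records every reveal and every denied attempt

def _kdf(password: str, salt: bytes) -> bytes:
    """Memory-hard password hash (scrypt, Python standard library)."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

class TwoPersonGate:  # hypothetical name, for illustration only
    def __init__(self):
        self._users = {}    # name -> (salt, password hash); no plain-text passwords
        self._records = {}  # record id -> (data, names allowed to open it)

    def enroll(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[name] = (salt, _kdf(password, salt))

    def store(self, record_id: str, data: str, allowed: set) -> None:
        self._records[record_id] = (data, set(allowed))

    def _verify(self, name: str, password: str) -> bool:
        # Unknown names still cost one scrypt call, so timing does not show who exists.
        salt, stored = self._users.get(name, (b"\x00" * 16, b""))
        return hmac.compare_digest(_kdf(password, salt), stored)

    def reveal(self, record_id: str, first: tuple, second: tuple):
        """Return the record only if two different, authorized people authenticate."""
        names = (first[0], second[0])
        data, allowed = self._records.get(record_id, (None, set()))
        ok_first, ok_second = self._verify(*first), self._verify(*second)
        if names[0] == names[1]:
            reason = "same person twice"
        elif not (ok_first and ok_second):
            reason = "bad credentials"
        elif not set(names) <= allowed:
            reason = "not authorized for record"
        else:
            audit.info("REVEAL record=%r by=%r,%r", record_id, *names)
            return data
        # %r keeps line breaks in attacker-supplied names out of the log
        audit.warning("DENIED record=%r by=%r,%r reason=%s", record_id, *names, reason)
        return None
```
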