Remote Access in the Field: Manageability
The benefits of centralized access control cannot be overemphasized, but a certain amount of care must accompany this process. Many older security products would store the password file in cleartext, where it could be read by anyone with access to the server. This, coupled with no requirement to change passwords on a regular basis, made such a centralized system less secure than one that stores passwords in an encrypted form or one that uses tokens or other mechanisms instead of passwords. Obviously, the trick is to make sure that the central access control database and server are secure. Centralization again benefits the administrator here, because securing them is easy when there are one or two security servers (remember, redundancy is an important consideration). Although the remote access devices will also demand a degree of security, it’s far easier to protect a single resource than tens or hundreds, which is the basis for perimeter firewalls.

A note regarding forcing regular password changes: it can be taken too far. Consider an organization that requires monthly password changes. Our first guess at everyone’s password would be some combination of month and year (jun00, for example). Incremented passwords, such as Tyler7, Tyler8, and so on, would also be common; of course, substitute the name of your child, pet, or significant other in the string.
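The two rotation habits described above can be caught at password-change time. The following is an added example, not code from the original article: a check that flags month-and-year passwords and counter changes on the previous password. The function names are hypothetical, and it assumes the user supplies the current password during the change, so nothing has to be stored in cleartext.

```python
import re

# Month name or abbreviation, as a user would type it in "jun00" or "June-2000".
_MONTH = (r"(?:jan(?:uary)?|feb(?:ruary)?|mar(?:ch)?|apr(?:il)?|may|june?|july?"
          r"|aug(?:ust)?|sep(?:t(?:ember)?)?|oct(?:ober)?|nov(?:ember)?|dec(?:ember)?)")
_YEAR = r"(?:\d{2}|\d{4})"   # two- or four-digit year
_SEP = r"[\W_]*"             # optional punctuation between the two parts
MONTH_YEAR = re.compile(rf"{_MONTH}{_SEP}{_YEAR}|{_YEAR}{_SEP}{_MONTH}")


def split_counter(password):
    """Return (lowercased stem, trailing digit run), e.g. 'Tyler7' -> ('tyler', '7')."""
    m = re.fullmatch(r"(.*?)(\d*)", password, re.S)
    return m.group(1).lower(), m.group(2)


def rotation_problems(old, new):
    """List the predictable-rotation patterns found in a proposed new password.

    `old` is the current password as typed by the user for this change request.
    """
    problems = []
    if MONTH_YEAR.fullmatch(new.lower()):
        problems.append("month-year pattern")
    old_stem, _ = split_counter(old)
    new_stem, _ = split_counter(new)
    if new.lower() == old.lower():
        problems.append("reused")
    elif old_stem and old_stem == new_stem:
        # Same stem, different trailing digits: Tyler7 -> Tyler8, Tyler -> Tyler1.
        problems.append("counter change on previous password")
    return problems


if __name__ == "__main__":
    # Constructed sample change requests: (current password, proposed password).
    samples = [("Tyler7", "Tyler8"), ("may00", "jun00"),
               ("Tyler7", "June-2000"), ("Tyler7", "quiet-lantern-orbit")]
    for old, new in samples:
        print(f"{new!r}: {rotation_problems(old, new) or 'accepted'}")
```
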