Enterprise System Spectator blog: ERP and enterprise system vendor evaluation, selection, and implementation.

The Enterprise System Spectator

Tuesday, March 18, 2003

RIAA continues crackdown on piracy on corporate networks. Reuters is reporting that the RIAA, an industry association of the major record labels, has sent letters to 300 U.S. companies complaining about alleged acts of piracy and copyright infringement in their corporate computer networks and warning of possible fines. The RIAA is not disclosing which companies received the letter, but it backed it up with evidence of piracy, listing specific instances where individuals on the companies' networks accessed file-sharing services such as Kazaa and iMesh. The letter was also sent with a CD containing copies of pirated materials found on the recipient's corporate network being offered for file sharing. As I wrote earlier, companies need to do their own desktop auditing to ensure that their house is in order, or face significant legal liability. CIN has an article on the RIAA's latest actions.

by Frank Scavo, 3/18/2003 09:05:00 PM | permalink | e-mail this!

Subscribe!

Read/post comments!
(0) Links to this post

Wednesday, March 12, 2003

Strengthening the weak link in enterprise system security. Last year, I wrote a short post pointing out that the weak link in enterprise security is the user, in particular the typical user's inability to formulate or remember strong passwords. Strong passwords -- those that follow certain rules such as minimum length, mix of characters and numbers, and avoidance of dictionary words, etc.-- are difficult to break, even with automated cracking tools. But strong passwords are difficult to remember. So, most users recycle the same personal passwords over and over, employing names of spouses or pets or birthdays that are both easy-to-remember and easy-to-guess. It's a serious problem. One report last year found that a consultant hacker using a publicly available password cracking program was able to hack or crack 30% of the passwords for 10,000 user accounts at a health care firm -- in less than an hour!

So, I paid attention when David Harding from BrowserPlus offered a couple months ago to let me beta-test a new "extension" to Internet Explorer, called Login Manager, which he claimed was a solution to the problem of maintaining strong passwords. The program does a lot: it provides a searchable bookmark capability, it can automatically populate Web forms and log you into a favorite site with a single click, and it can generate, remember, and manage strong passwords. This last point is goes to the heart of the "weak link" problem.

Login Manager turns typical password administration upside down. Instead of asking the user to generate or remember a strong password, the Login Manager can be configured to manage all passwords on behalf of the user. For the highest level of security, an organization’s security administrator can even hide passwords from the users themselves. Although hiding passwords from users might seem counter-intuitive, there are several attractive benefits to this approach:

  1. As Kevin Mitnick points out, the easiest way to steal a password is to ask the user for it. A significant number of users are vulnerable to "social engineering," where the password thief over the phone poses as someone with legitimate need for the password. But if users don't know their own passwords, they can't give them away.

  2. If employees don't know passwords, they can’t share them with friends or relatives. No more "sharing" of access to proprietary research sites, such as Gartner. More seriously, no more sharing of access to company intranets with outsiders, such as recruiters, or competitors.

  3. If employees don't know passwords, they can't take them when they leave the company. No more worry about terminated employees continuing to access employer Web accounts or extranets.

  4. Finally, in some departments (e.g. purchasing) it is necessary for several users to share a common "corporate account" and password (e.g. several buyers in Purchasing using a common account for an e-commerce site). But if the users don't actually know the password, it's no longer necessary to change it every time one of them leaves the company.


Because Login Manager operates as an extension to Internet Explorer, it won't administer passwords for legacy client-server or mainframe systems. Still, with more and more systems adopting a browser client, in some companies it could serve as an important element of a comprehensive security policy.

A 30 day free trial of the Login Manager (both home and professional editions) is available at the BrowserPlus web site.

by Frank Scavo, 3/12/2003 01:01:00 PM | permalink | e-mail this!

Subscribe!

Read/post comments!
(0) Links to this post

Tuesday, March 04, 2003

Technology trends, 2003 and beyond. Andrew Grygus has a very long and interesting analysis of current information technology trends. It goes pretty deep in terms of Microsoft directions. Although the focus is on the small business segment, much of it applies generally.

by Frank Scavo, 3/04/2003 07:56:00 AM | permalink | e-mail this!

Subscribe!

Read/post comments!
(0) Links to this post

Powered by Blogger

(c) 2002-2014, Frank Scavo.

Independent analysis of issues and trends in enterprise applications software and the strengths, weaknesses, advantages, and disadvantages of the vendors that provide them.

About the Enterprise System Spectator.

Frank Scavo Send tips, rumors, gossip, and feedback to Frank Scavo at .

I'm interested in hearing about best practices, lessons learned, horror stories, and case studies of success or failure.

Selecting a new enterprise system can be a difficult decision. My consulting firm, Strativa, offers assistance that is independent and unbiased. For information on how we can help your organization make and carry out these decisions, write to me.

For reprint or distribution rights for content published on the Spectator, please contact me.


Go to latest postings

Custom Search

Join over 1,700 subscribers on the Spectator email list!
Max. 1-2 times/month.
Easy one-click to unsubscribe anytime.

Follow me on Twitter
My RSS feed

AddThis Feed Button


Computer Economics
ERP Support Staffing Ratios
Outsourcing Statistics
IT Spending and Staffing Benchmarks
IT Staffing Ratios
IT Management Best Practices
Worldwide Technology Trends
IT Salary Report
IT Help Desk/Service Desk Management

Get these headlines on your site, free!


Awards

2013 Best ERP Writer - Winner

Alltop. We're kind of a big deal.
 
Constant Contact 2010 All Star Technobabble Top 100 Analyst Blogs


Blog Roll and Favorite Sites
Strativa: ERP software vendor evaluation, selection, and implementation consultants, California
StreetWolf: Digital creative studio specializing in web, mobile and social applications
Vinnie Mirchandani: The Deal Architect
Oliver Marks' Enterprise 2.0 Blog
Si Chen's Open Source Strategies
diginomica
CISO Handbook


Spectator Archives
May 2002
June 2002
July 2002
August 2002
September 2002
October 2002
November 2002
December 2002
January 2003
February 2003
March 2003
April 2003
May 2003
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
July 2008
August 2008
September 2008
October 2008
November 2008
December 2008
January 2009
February 2009
March 2009
April 2009
May 2009
June 2009
July 2009
August 2009
September 2009
October 2009
November 2009
December 2009
January 2010
February 2010
March 2010
April 2010
June 2010
July 2010
August 2010
September 2010
October 2010
November 2010
December 2010
January 2011
February 2011
March 2011
April 2011
May 2011
July 2011
August 2011
September 2011
October 2011
November 2011
December 2011
January 2012
February 2012
March 2012
April 2012
May 2012
June 2012
July 2012
September 2012
October 2012
December 2012
January 2013
February 2013
March 2013
May 2013
June 2013
July 2013
September 2013
October 2013
December 2013
January 2014
February 2014
March 2014
Latest postings