Security

Is the web safe for my applications and my data?

Every computer on the web is identified by an IP (Internet Protocol) address. A normal website has http:// as the prefix. This stands for hypertext transfer protocol. Simply stated, every letter and word that traverses the web does so as plain “clear” text. A hacker could be watching the network traffic from a given IP address (a computer) and capturing/reading the text that moved to and from that computer. This is frightening.

Some years ago, a security method was developed for websites. A company can purchase an SSL (Secure Sockets Layer) certificate from a vendor. The company needs to provide various proofs of identification and business history as required by law. The certificate enables the website prefix to be changed to https:// (the “s” means “secure”). All traffic to and from this website is now “encrypted.” No hackers can read this information because it is scrambled and mixed by very secure algorithms. No two sites use the same encryption code.

Online banking uses SSL protection. Next time you log on, look at your browser address bar. If you don’t see “https”, then your text is being transmitted across the web unprotected.

Phase 1

Security is the implementation of SSL.

Phase 2

Security is Site Authentication. Let’s say that we have implemented an SSL-protected site for accounting transactions for your company. A customer walks in and sees the address bar on your PC:
https://www.threemileisland.com/accounting/paychecks.aspx
He goes home and types that address into his browser. The first thing he sees is an authentication page because his computer has never visited this site before. The website is looking for a cookie on his computer. It isn’t there, so the user must authenticate, which means providing a username and password.

Back at your company, when the website was first set up, the network administrator placed the cookie on computers of authorized users. The users don’t even need to know the authentication credentials. This means that they won’t be able to access the application from their home PC if the company desires this level of protection.

Phase 3

Security is application password protection. Pentad Systems can configure varying levels of difficulty for password access. Typically a company wants a user name and a password. However, some online banking systems use three fields: account number, social security, and password. We can configure one, two, three, or more, which drastically lengthens the time a hacker would need to “crack” the passwords.

As an example, a username of “gary” with a password of “gary” would take a hacker 45 minutes to hack using crack software. Changing the username to a 12-character mix of upper and lower case letters including symbols would lengthen the time to 36 hours. Making the password another array of upper and lower case letters, numbers, and symbols would increase this to 11 months. Adding a third field would increase the hack attempt to 11 years. This highlights the need to develop password credential standards such as minimum length, content, and change frequency.
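A credential standard of the kind described above can be enforced in code; the following is an added example, not Pentad Systems' own code, that checks a username/password pair against minimum length and content rules and estimates how the search space grows with each extra field. The guess rate, the thresholds, the function names and the sample credentials are all assumptions chosen for illustration, so the resulting times will not match the figures quoted above.

```python
import math
import string

# Assumed guess rate, for illustration only; real rates depend on how the
# credentials are stored and checked.
GUESSES_PER_SECOND = 1e9

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def classes_used(secret):
    """Return the names of the character classes that appear in secret."""
    return sorted(name for name, chars in CLASSES.items()
                  if any(c in chars for c in secret))

def keyspace_bits(secret):
    """Upper bound on the search space in bits: length * log2(alphabet size).
    Assumes each character is chosen uniformly at random, which human-chosen
    credentials are not, so real strength is lower."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(secret))
    return len(secret) * math.log2(alphabet) if alphabet else 0.0

def policy_violations(username, password, min_length=12, min_classes=3):
    """Check a credential pair against a minimum length/content standard."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if len(classes_used(password)) < min_classes:
        problems.append("too few character classes")
    if username and username.lower() in password.lower():
        problems.append("contains username")
    return problems

def worst_case_seconds(*fields, rate=GUESSES_PER_SECOND):
    """Exhaustive-search time when every listed field must be guessed."""
    total_bits = sum(keyspace_bits(f) for f in fields)
    return 2 ** total_bits / rate

if __name__ == "__main__":
    # Constructed sample credentials.
    for user, pw in [("gary", "gary"), ("gary", "q7#Lm!2vRx@9")]:
        print(user, pw, policy_violations(user, pw),
              f"{worst_case_seconds(pw):.3g} s")
```
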

Phase 4

Security stems from the benefit of having our systems hosted externally to the company. Most security breaches stem from internal sources. Pentad provides robust data storage, back up, and replication routines.

 

All Content © 2008 Pentad Systems, LLC