Volume 7, Number 8 -- February 27, 2007

PowerTech Unveils New Password Utility

Published: February 27, 2007

by Alex Woodie

You're only as strong as your weakest link. For many iSeries shops, the weakest link is an easy-to-guess password that could give attackers access to critical systems. To help iSeries shops clamp down on weak passwords, PowerTech Group last week unveiled a new utility called Password Control that identifies weak passwords and forces i5/OS users to pick passwords that are hard to guess.

OS/400 contains basic password functionality. As an OS/400 system administrator, you can require that users pick passwords with a certain number of digits, force them to pick a new password after a certain period of time has elapsed, and even require them to include alphanumeric characters in their passwords.

While these are all good controls to have in place, they don't necessarily prevent bad passwords from seeping into the system. That's why PowerTech launched Password Control, which checks all System i user profile passwords against a pre-defined and customizable list of more than 250,000 words.

If Password Control finds a password that matches a word on the list, it considers the password to be weak, and includes that information in a report. It's up to the administrator to then take steps, such as expiring the password, to force the user to pick a stronger password.

The utility includes a second major function, implemented as an exit program, which prevents users from picking weak passwords when they change their passwords. That can be a handy tool to have as part of an overall security policy, especially in conjunction with OS/400's password facilities.

Password Control's customizable dictionary is really what sets it apart from OS/400's basic password controls. Many of the quarter-million words shipped with Password Control come straight out of Webster's Dictionary, but users can add as many words as they like to the dictionary, including words from any language.

The product's dictionary also includes many commonly used first names, known default passwords, and proper names from pop culture. It can also detect common number-for-letter substitutions, which accurately reflects how people are picking passwords today.

For example, Password Control can detect the words "s3curity" (instead of "security"), "passw0rd" (instead of "password"), or "1ovely" (instead of "lovely"). OS/400 would allow these word derivatives as a password, but in reality, hackers are already looking for such letter substitutions.

Password Control can also check for reversed words, repeated words, and numbers appended to the end of a password, such as "flower1," another common technique employed by people who are looking for an easy alternative to hard-to-guess (and hard-to-remember) passwords.
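The checks described above can be sketched in a few lines of Python. This is an added example, not PowerTech's code: the word list, the substitution table, and the function names are assumptions constructed for illustration.

```python
# Constructed sample word list; a real deployment would load a large dictionary.
WORDS = {"security", "password", "lovely", "flower", "dragon"}

# Character-for-letter substitutions (assumed table). "1" is ambiguous,
# so both readings ("l" and "i") are tried.
SUBS = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t",
        "$": "s", "@": "a", "1": "li"}


def _unsubstitute(text):
    """Return every reading of text with substitutions mapped back to letters."""
    readings = [""]
    for ch in text:
        options = SUBS.get(ch, ch)
        readings = [r + o for r in readings for o in options]
    return readings


def weak_reason(password, words=WORDS):
    """Return a description of why the password is weak, or None."""
    pw = password.lower()
    stem = pw.rstrip("0123456789")  # "flower1" -> "flower"
    candidates = [(pw, "dictionary word")]
    if stem and stem != pw:
        candidates.append((stem, "dictionary word plus trailing digits"))
    for text, label in candidates:
        for reading in _unsubstitute(text):
            if reading in words:
                if reading == text:
                    return label
                return label + " with character substitution"
            if reading[::-1] in words:
                return "reversed " + label
            half, odd = divmod(len(reading), 2)
            if not odd and reading[:half] == reading[half:] and reading[:half] in words:
                return "repeated " + label
    return None


if __name__ == "__main__":
    # Constructed candidate passwords, including the article's examples.
    for candidate in ["s3curity", "passw0rd", "1ovely", "flower1",
                      "rewolf", "dragondragon", "Tq9vLmx2Rk"]:
        print(candidate, "->", weak_reason(candidate) or "no rule matched")
```

A check like this belongs at password-change time, where the candidate password is available in clear text.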

"There are good password controls in OS/400, but they don't allow you to check things such as flower. If you tried a dictionary attack it could be easily guessed," says Brendan Patterson, PowerTech's product manager. "Even if you enforce a digit with OS/400 controls, you can't do flower1 with Password Control."

PowerTech vice president of development, Jack McAfee, who spearheaded development of a similar password product while working for PentaSafe Security Technologies (since acquired by i5/OS security software developer NetIQ), says passwords are often the weakest link in a company's security defense.

"Password Control allows administrators to prevent users from using passwords that are easily guessed. Since IBM System i servers usually host a company's most critical business applications and data, it is imperative that user profile passwords are not easily compromised," he says.

Password Control is available now. Pricing starts at $2,000 for a P10 system. The product supports OS/400 V5R2 or later, and works with an OS/400 password level (QPWDLVL) of 0 or 2 (it doesn't work with the less common settings of 1 and 3, PowerTech says).

In other news, PowerTech is gearing up for its first annual user conference, which will be held next week at the Rio Hotel in Las Vegas, Nevada. The company expects more than two dozen participants, who will attend 18 sessions covering two tracks. Jim Herring, director of iSeries product management and business operations for IBM, will deliver the keynote.

PowerTech also moved its headquarters over the weekend. The company, which has more than 800 customers, needed more space, so it found a larger office in its hometown of Kent, Washington.

For more information, visit www.powertech.com.





Editor: Alex Woodie
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed

Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034
