Abstract :
I know in my heart-of-hearts that computer security is important, but I have to admit that there are times when living with my company´s security policies can be quite an annoyance. For example, my computer periodically insists that I change my password every few months. If I don´t, it tells me “Password expired, choose a new one:” and forces me to select a password that is sufficiently different from my old one to keep it happy. It´s annoying, but I´ve learned to accept it. That simple sort of computer security is something we´re all used to, but now we have to face the additional threat of attacks on our networks. In fact, for some people, mistrust of networks is sufficient justification to refuse to connect their host computers to a network. Of course, there are plenty of brute force solutions for the faint of heart. One can put DES encryption boxes on every terminal and on every port of every host. That is a very expensive solution, especially if only 10 percent of your 2000 hosts need that level of protection. The nervous computer system administrator also has to face the possibility of an intruder mounting an attack on one of the unprotected hosts by tapping an access line and observing a password being entered.
