If your system permits dialing in through a modem, see if it can limit the number of tries that people can make before the modem hangs up the phone. Your dial-up computer shouldn’t send its name until the caller has given the right ID. Be careful of overly helpful prompts that lead callers on to the next step. “A prompt saying, ‘Hi! This is the Last National Bank Disbursement Department,’ sort of gives the game away, doesn’t it?” says a Creative Computing article laying out precautions. Also, change passwords regularly. And if an employee’s leaving? Change the access codes.
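A minimal sketch of the dial-in precautions above, added here as an illustration and not taken from the book: neutral prompts, the system's name withheld until login succeeds, and a hang-up after a fixed number of tries. The account, the system name and the three-try limit are constructed for the demo.

```python
import hashlib
import hmac

# Constructed values for the demo; none come from the original text.
SYSTEM_NAME = "Example Corp Payroll"   # hypothetical; revealed only after login
MAX_TRIES = 3                          # assumed per-call limit
SALT = b"demo-salt"                    # constructed; use a random per-user salt in practice


def _digest(password: str) -> bytes:
    """Slow salted hash so stored credentials are not plain passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


USERS = {"jsmith": _digest("correct horse")}   # constructed account
_DUMMY = _digest("")                   # compared against when the ID is unknown


def handle_call(attempts):
    """Run one dial-in session.

    attempts: iterable of (user_id, password) pairs typed by the caller.
    Returns (authenticated, transcript); transcript holds every line the
    system sent down the phone line.
    """
    transcript = []
    for tries, (user_id, password) in enumerate(attempts, start=1):
        # Neutral prompts: nothing that names the organisation or the system.
        transcript.append("ID:")
        transcript.append("PASSWORD:")
        stored = USERS.get(user_id, _DUMMY)
        # Constant-time comparison; unknown IDs take the same code path.
        ok = hmac.compare_digest(_digest(password), stored) and user_id in USERS
        if ok:
            transcript.append(f"Connected to {SYSTEM_NAME}")
            return True, transcript
        # Same reply whether the ID or the password was wrong.
        transcript.append("INVALID")
        if tries >= MAX_TRIES:
            break
    transcript.append("<hang up>")
    return False, transcript
```

A caller who exhausts the limit has to redial to continue, and at no point before a successful login does the line carry anything that says whose computer answered.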
Here’s what I’d ponder if shopping for a password or encryption system:
1. How hard, exactly, would it be to puzzle out? Just how many combinations would a computer cracker have to try? Could he easily do this through his own machine—or yours? You might want to consult a cryptography expert to learn how much of a challenge this particular program would be. You’d be surprised. You may see the manufacturer’s claims instantly deflated.
2. How compatible is the program with your computer? If security is so important, choose the protective software first, then the hardware—assuming, of course, that it will run your applications programs.
3. Is the security program easy to use? If it’s too hard, it’ll be self-defeating. “Ease of use” would include how much time the security software adds to your normal tasks.
4. Are you certain the program won’t jeopardize the accuracy and completeness of your files by making you more accident-prone?
5. Should you expand your system, will the security software be able to grow along?
6. Do you want a public key encryption system? It works this way. You pass out a code that people can use in sending messages to you. Only you have the means to unscramble them, though.
7. Will your code be based on the Data Encryption Standard (DES), published by the U.S. government and repeatedly tested by the National Security Agency (NSA) and the National Bureau of Standards? To this day the rumors persist that NSA has built in a trap door to snoop on DES-style codes. True? I don’t know. Captain Zap says, “I don’t trust it. I don’t think NSA would have approved it if they couldn’t crack it.” NSA-approved codes are overkill in all but the most sensitive systems.
Telenet has a special interest in encryption software. It is the network into which thousands of computer users dial to reach other machines and services like The Source.