Sep 3, 2008

Only 27 Days Left in Packet Sniffing Season

Employees must change e-mail preferences

September 3, 2008
Improving information security

Imagine that your password to get onto the Laboratory's computer network was available to someone outside the Lab. In order to ensure that Laboratory passwords are not viewed while being transmitted, the National Nuclear Security Administration now requires the use of encrypted passwords.

Unencrypted passwords, also known as clear-text passwords, may cross the network "in the clear" and create a security vulnerability, according to Dave Belangia of Information Systems and Technology (IST) Division. Encryption uses cryptography to scramble the password making the transmission of information more secure. For secure e-mail services, unencrypted passwords will not be accepted after September 30, Belangia emphasized.

Employees can follow specific step-by-step instructions for Information Architecture-supported Windows, Mac, or Linux e-mail to change preferences.

The Lab's network security improves by encrypting passwords and ensuring that passwords comply with Lab policy, according to Belangia. Although not required at this time, using a one-time pass code (generated by a Laboratory CRYPTOcard) wherever possible or practical does even more to improve the Laboratory's network security, Belangia added.

Employees also are reminded that their password(s) need to be changed at least every six months and must contain at least eight characters and at least three of the following four elements: English uppercase letters (A, B, C), English lowercase letters (a, b, c), Arabic numerals (1, 2, 3), and non-alphanumeric characters (!, <, #, $).


Anonymous said...

Email is too dangerous. I suggest we block the IP ports to shut it off from the employees at LANL. That way we'll reduce the number of possible security incidents for this coming year. Remember... think PBI, PBI, PBI!

Anonymous said...

the password paranoia is nuts.... the only way to remember all the damned passwords is to write them down... and THAT'S not a risk?

rdarlington said...

Nice to see LANL is only 10 years behind modern computer and network security standards. When I worked there, we were right around 15-20 years behind (3 years ago). Pretty soon they'll be world leaders!