The Importance of Creating a Secure Password for Your System or Network

Creating a secure password for your system or network is the cornerstone of an effective security strategy. I continue to be amazed, however, by how many people who have access to content critical to their organization’s success fail to take the time to create more complex passwords that will protect this content.

Many users continue to place priority on convenience over security, and as a result, they choose passwords that are simple for hackers to decipher. Recently, SplashData, which develops password management applications, released its annual “Worst Passwords for 2012” list, compiled from common passwords that are posted by hackers. The top three passwords, the actual word “password,” “123456” and “12345678,” have not changed since last year. The worst passwords for 2012 also demonstrate that people are not even changing default passwords – still choosing convenience over security.

Furthermore, although there are some benefits to creating a simple, common password, such as being easy to recall when it is time to log on to your network or system, these benefits are minuscule compared to the harm a hacker can do to your content and network.

Source: Washington State Office of the Attorney General

Below are some tips on what makes a password “strong:”

  • It is at least eight characters long
  • It does not contain your username, real name, or company name
  • It does not contain a complete word
  • It is significantly different from previous passwords
  • It includes numbers and symbols, as well as a mixture of uppercase and lowercase letters
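
The checklist above can be enforced at the moment a user sets a password. The following Python checker is an added example, not code from the original post; the function name, the constructed word lists and the 0.6 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample data (assumption): a real deployment would load a full
# dictionary and a complete list of commonly used passwords.
COMMON_PASSWORDS = {"password", "123456", "12345678"}  # top three named in the article
DICTIONARY = {"password", "welcome", "dragon", "monkey", "summer", "secret"}

def check_password(password, identity_terms=(), previous=(), max_similarity=0.6):
    """Return the checklist rules the password violates (empty list = passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    # Username, real name, company name: ignore fragments shorter than 3 chars
    if any(len(t) >= 3 and t.lower() in lowered for t in identity_terms):
        problems.append("contains username, real name, or company name")
    # "Complete word": a dictionary word of 4+ letters inside any run of letters
    letter_runs = re.findall(r"[a-z]+", lowered)
    if any(w in run for run in letter_runs for w in DICTIONARY if len(w) >= 4):
        problems.append("contains a complete word")
    # "Significantly different": similarity ratio against each earlier password
    for old in previous:
        if SequenceMatcher(None, lowered, old.lower()).ratio() > max_similarity:
            problems.append("too similar to a previous password")
            break
    classes = {
        "lowercase letter": r"[a-z]",
        "uppercase letter": r"[A-Z]",
        "number": r"[0-9]",
        "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    return problems

if __name__ == "__main__":
    # Constructed candidates, checked for a hypothetical user "jsmith" at "Acme"
    for candidate in ("password", "Jsmith2012!", "Tr7#vq9Lx2!"):
        print(candidate, "->", check_password(candidate, ["jsmith", "Acme"]) or "ok")
```

Similarity to a previous password can only be tested when the old password is available in clear text, for example the current password typed on the change form; stored hashes cannot be compared this way.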

It is important for IT managers and system administrators to ensure that users are aware of the necessity of maintaining secure passwords. IT teams should educate users about the importance of strong passwords and how to implement measures that will ensure users’ passwords are effective. Furthermore, IT managers and system administrators also need to stay alert and always one step ahead, such as by discovering potential weak passwords before the hacker does.

IT teams can deploy firewalls, endpoint security, malware analysis and the complete arsenal of solutions to thwart cyberthreats.  But, something as basic as a more complex password is critical to strengthen the first line of defense.

I’d like to hear from IT teams that have had success in encouraging users to adopt more sophisticated passwords.  Share your secrets for success!


The Top Ten Hot Spots Of Performance Bottlenecks

What are performance bottlenecks and where can you detect them? 

Performance bottlenecks are places within an application that prevent the application from running as fast as it should. Finding performance bottlenecks in applications is becoming a critical aspect of any enterprise-level load testing exercise. However, the trouble with performance bottlenecks is that they can be tough to identify, and in most cases, when you hear the words “performance bottleneck,” the typical culprits that come to mind are CPU, memory, disk and network. Although these are definitely good places to start identifying bottlenecks, it’s also important to realize that these aren’t the only places where problems can lurk. While there isn’t a magic bullet to detect performance bottlenecks, knowing where to look can improve your aim.

Source: Knowledge Sharing

Below are the top ten hot spots IT managers and administrators should look into when detecting a performance bottleneck:

1) CPU – CPUs can handle millions of calculations and instructions, but performance suffers when the number of operations exceeds capacity. Furthermore, it is important to note that CPUs that stay more than 75 percent busy will slow the entire system; they need headroom so that loads can reach 100% for short periods of time.

2) Memory – Performance bottlenecks that seem to implicate a lack of memory are often the result of poorly designed software whose flaws manifest themselves as memory issues. The key to solving memory performance problems is to find the root cause of the symptom before adding more RAM.

3) Storage – There are practical and physical limits to performance even when using the best contemporary disk technology, so it is important for the user to combine and separate workloads on disks. In addition, it is important to note that local disks are still faster than the fastest NAS or SAN.

4) Network – The network is the most commonly blamed source of performance bottlenecks, but in reality it is rarely the source, unless there is a network component hardware failure, such as a damaged switch port, a bad cable or router configuration problems.

5) Applications – Poorly coded applications sometimes masquerade as hardware problems. One symptom that may indicate this scenario occurs when a given application is running and the system slows down, but once the application is closed, system performance improves again.

6) Malware – Viruses, trojan horses and spyware account for a large percentage of perceived performance bottlenecks, and can reside on one or more servers, the user’s workstation, or a combination of the two. Antivirus, antispyware, local firewalls, network firewalls and a regular patching regimen will help protect systems and prevent resultant bottlenecks.

7) Workload – IT teams should measure network capacity and performance regularly and increase capacity when activity is approaching performance limits. It is also vital for users to monitor their computers and other devices and inform IT teams where their equipment is reaching performance limits.

8) Outdated Hardware – The older the hardware, the more likely it is to fail. The best way to prevent tragedies such as the sudden disappearance of data is to always back up critical files to a server or at least an external hard drive, as well as to monitor system performance regularly.

9) Filesystem – Each filesystem, such as JFS, XFS and NTFS, has a specific purpose, and using the incorrect one for an application can have disastrous results. It is important for users to consider filesystem choices wisely and to select the best one for the job.

10) Technology – The technology you select for your infrastructure is the foundation of your network’s performance. Always survey key members of your organization in advance to estimate anticipated network needs up to 2-3 years down the road, and then purchase hardware accordingly. Given the explosion of content today, make sure all hardware features scalability. Also study hardware price trends: it sometimes pays to buy more capacity than you need initially, sometimes not. Storage, for example, continues to decrease in price per megabyte, so as long as your storage architecture is flexible, you can save money by purchasing just what you need for the short term and then adding to it.

I hope this has been helpful and look forward to comments and strategies from you!