Wednesday, May 16, 2012
Security
Error 404--Not Found |
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:10.4.5 404 Not FoundThe server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address. |
No gambling on security
One of the country's largest gaming and entertainment centers, Mohegan Sun in Uncasville, Conn., came to the conclusion not long ago that password management had become unwieldy.
Mohegan Sun's network had been growing, with dozens of Windows NT and Unix servers, Cisco switches -- not to mention seven AS/400s -- now the responsibility of the 120 IT staff to administer across its sprawling 2-mile-square campus LAN. The IT staff had gotten used to "keeping passwords in their head," acknowledges Jake Star, vice president of computer services. Clearly, that era had to come to an end, and Mohegan Sun found a way out of its password morass by centralizing the process with tight security controls.
Mohegan Sun has done that with Cyber-Ark's Network Vault product, which is meant to hold the administrative password assigned to each server and switch. Any IT administrator who wants to get access to Network Vault has to use to a RSA Security SecurID card to enter a dynamic, one-time password over VPN-based encryption. Cyber-Ark's Vault keeps an audit trail of these changes and additions and who made them.
For Mohegan Sun, this has helped enforce security discipline -- passwords are changed on a more regular basis and no two machines share the same password. "There were some bad habits, like assigning the same administrative password to every box," Star pointed out.
Another advantage, according to Star, is that Cyber-Ark's vault provides a way that administrative passwords can be shared securely. The Vault is configured to allow specific individuals access to specific server password information. But if that person is out of the office or unreachable during a "crisis" moment when that password is needed, others who are authorized can gain access to it-in a somewhat "hidden" way that conceals the actual password.
Star said he isn't done yet in trying to bring password proliferation under control. Mohegan Sun has 10,000 employees, many of whom need network and application access for other than system administration reasons. Mohegan Sun is in early negotiations with a handful of vendors in the identity management and single-sign on arena to find out if these types of products will be an affordable fit for the gaming and entertainment firm, which operates 24 hours a day..
Mohegan's network responsibilities extend beyond its own restaurants, retail outlets, hotel and gaming hall. There are half a dozen restaurants and about two dozen retail outlets that are run independently of Mohegan Sun itself, but still use the campus LAN. These tenants of Mohegan Sun use access to the LAN for sharing information about how many "points" a customer-Mohegan Sun gets about 11 million visitors a year--has accumulated in terms of spending. These points can be redeemed at some of the on-site establishments, and the network allows that information to be quickly shared.
Post a comment
|
Does Verizon's Voyager stack up to the iPhone? |
5 IT skills that won't boost your salary 
[1,407]
Women 4 times more likely than men to cough up personal info [589]
Japan's 10 funniest tech-related commercials [Videos] [407]
Throwing away a promo CD is "unauthorized distribution"? [1,265]
Adults too quick to dismiss educational video games [682]
Attack of the iPhone clones [Slideshow] [578]
10 things IT needs to know about AJAX [1,258]
This Year's 25 Geekiest 25th Anniversaries [Slideshow] [409]