Greetings,

I'm faced with a project that deals with accessing databases by way of ini
or config files. Basically the apps/scripts are sourcing files to gain
passwords. Some of which are in plaintext. These files can be on windows
or unix boxes. The programs from .Net or Power Builder to VBS and shell
scripts. Can be interactive or non interactive and are batch type in
nature and can run from cron and or windows scheduler.

Guess my question is how are others doing this and or not doing this?
Industry Best Practices? etc... Single signon, encrypting/decrypting tool,
etc... Also, if you know of any security companies that deal with this.
I've already talked with RSA Security and waiting info from HP.

Any insight into what others are doing would be greatly appreciated.

Thanks

Darren_Jacobs@carmax.com wrote:
> Greetings,
>
> I'm faced with a project that deals with accessing databases by way of ini
> or config files. Basically the apps/scripts are sourcing files to gain
> passwords. Some of which are in plaintext. These files can be on windows
> or unix boxes. The programs from .Net or Power Builder to VBS and shell
> scripts. Can be interactive or non interactive and are batch type in
> nature and can run from cron and or windows scheduler.
>
> Guess my question is how are others doing this and or not doing this?
> Industry Best Practices? etc... Single signon, encrypting/decrypting tool,
> etc... Also, if you know of any security companies that deal with this.
> I've already talked with RSA Security and waiting info from HP.
>
> Any insight into what others are doing would be greatly appreciated.
>
> Thanks
>

http://vpn.shmoo.com/vpn/vpn-crypto.html


More Recommended Reading:
--from "An Introduction To Cryptography"
http://www.ncsa.uiuc.edu/People/ncsa...troToCrypto%22

“Cryptography for the Internet,” by Philip R. Zimmermann. Scientific
American, October 1998. This article, written by PGP’s creator, is a tutorial
on various cryptographic protocols and algorithms,many of which happen
to be used by PGP.

• “Privacy on the Line,” by Whitfield Diffie and Susan Eva Landau.MIT Press;
ISBN: 0262041677. This book is a discussion of the history and policy
surrounding cryptography and communications security. It is an excellent
read, even for beginners and non-technical people, and contains
information that even a lot of experts don't know.

• “The Codebreakers,” by David Kahn. Scribner; ISBN: 0684831309. This book
is a history of codes and code breakers fromthe time of the Egyptians to the
end of WWII. Kahn first wrote it in the sixties, and published a revised
edition in 1996. This book won't teach you anything about how
cryptography is accomplished, but it has been the inspiration of the whole
modern generation of cryptographers.

• “Network Security: Private Communication in a Public World,” by Charlie
Kaufman, Radia Perlman, and Mike Spencer. Prentice Hall; ISBN:
0-13-061466-1. This is a good description of network security systems and
protocols, including descriptions of what works, what doesn't work, and
why. Published in 1995, it doesn't have many of the latest technological
advances, but is still a good book. It also contains one of the most clear
descriptions of how DES works of any book written.

Intermediate books
• “Applied Cryptography: Protocols, Algorithms, and Source Code in C,” by Bruce
Schneier, John Wiley & Sons; ISBN: 0-471-12845-7. This is a good beginning
technical book on how a lot of cryptography works. If you want to become
an expert, this is the place to start.