THE WHATIS.COM WORD-OF-THE-DAY
November 8, 2002
CRAM
______________

TODAY'S WORD: CRAM

See our definition with hyperlinks at
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci861581,00.html

CRAM (challenge-response authentication mechanism) is the two-level scheme for authenticating network users that is used as part of the Web's Hypertext Transfer Protocol (HTTP). The two levels are basic authentication and digest authentication.

Using the CRAM, the server (or, alternatively, a proxy server or gateway) issues a challenge to a user in the form of a "401 unauthorized" request for a password. The password is a string of characters known only to the user and the server. When the server receives the user response, it checks to be sure the password is correct. If so, the user is authenticated. If not, or if for any other reason the network does not want to accept the password, a "403 forbidden" message is issued, and access to the site is denied.

The CRAM can be used in addition to other security features, such as strong encryption. The basic form of CRAM can be abused because passwords are comparatively easy to steal. In digest authentication, the more sophisticated of the two forms of CRAM, the password does not appear as plain text sent over the network. This enhances security but does not provide entirely hack-proof protection. Even digest CRAM can be defeated under certain circumstances, giving an unauthorized hacker superuser status. This makes it possible for the hacker to launch a denial-of-service attack, making it difficult or impossible for authorized users to obtain authentication.
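The difference between the two forms described above, as an added example that is not part of the original newsletter: basic authentication sends a base64 string that anyone can decode, while digest authentication sends an MD5 response computed from the password and the server's challenge. The function names are illustrative, the digest computation follows RFC 2617 with qop=auth, and the sample values are the ones used in that RFC's worked example.

```python
import base64
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def basic_header(user, password):
    """Basic: the credentials are only base64-encoded, not protected."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def recover_from_basic(header):
    """What any reader of the request recovers from a Basic header."""
    decoded = base64.b64decode(header.split(" ", 1)[1]).decode()
    user, _, password = decoded.partition(":")
    return user, password

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """Digest (RFC 2617, qop=auth): only a hash bound to the challenge is sent."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")  # secret side
    ha2 = md5_hex(f"{method}:{uri}")             # request side
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def server_verify(stored_password, f):
    """Server recomputes the response from its own copy of the password."""
    expected = digest_response(f["username"], f["realm"], stored_password,
                               f["method"], f["uri"], f["nonce"], f["nc"], f["cnonce"])
    return hmac.compare_digest(expected, f["response"])  # constant-time compare

# Sample exchange: values from the worked example in RFC 2617 section 3.5.
CHALLENGE = {"realm": "testrealm@host.com",
             "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093"}
USER, PASSWORD = "Mufasa", "Circle Of Life"

def client_answer(password):
    """Client's Authorization fields for GET /dir/index.html."""
    f = {"username": USER, "method": "GET", "uri": "/dir/index.html",
         "nc": "00000001", "cnonce": "0a4f113b", **CHALLENGE}
    f["response"] = digest_response(USER, f["realm"], password, f["method"],
                                    f["uri"], f["nonce"], f["nc"], f["cnonce"])
    return f

if __name__ == "__main__":
    print(recover_from_basic(basic_header(USER, PASSWORD)))     # password visible
    print(client_answer(PASSWORD)["response"])                  # hash only
    print(server_verify(PASSWORD, client_answer("wrong guess")))
```

Because the response depends on the server's nonce, a captured response does not verify against a challenge carrying a different nonce.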
______________________
SELECTED LINKS

JavaPro provides an overview in a paper called "Better Security with J2EE."
http://www.fawcette.com/Archives/premier/mgznarch/javapro/2001/bgfall01/sh01bg/sh0113-1.asp

SearchSecurity.com provides links to more information about authentication.
http://searchsecurity.techtarget.com/search/1,293876,sid14,00.html?h=true&query=authentication

____________________________________________________________________
WHATIS.COM CONTACTS

LOWELL THING, Site Editor ([EMAIL PROTECTED])
MARGARET ROUSE, Associate Editor ([EMAIL PROTECTED])

ABOUT THIS NEWSLETTER

Published by TechTarget (http://www.techtarget.com)
Copyright 2002, All Rights Reserved.