Tuesday, November 11, 2008

IT Security Policies Can Cause Network Data Breaches

It's strange how the network security policies in place at a company can actually damage, rather than enhance, its security. Security measures that are too stringent can lead employees to go around security for convenience's sake. Employees can actually create security vulnerabilities that your IT department may not be able to protect against, because it may be unaware that they exist.

Not long ago, I spoke with the business director of a large company; I'll call her Susan. Her company's IT department requires that employee network passwords be at least eight characters long and consist of a random mix of letters, symbols and numbers. She also must change her passwords every sixty days. While Susan goes along with the security policies put in place by her IT department, if you were to walk into her office, you would find her logon password written right there on her desk - "Password: 1jyhndT".

The work environment in some corporations these days means understaffing, tight deadlines and long workdays. Each time you add yet another complication to the lives of already overworked employees, it is only natural that they choose convenience over security. You see everyone doing this, from the CEO on down to the temps. While it sounds like a good idea to have employees remember complex passwords, what happens in practice is that it slows things down and leads to security being circumvented.

The real issue isn't the security policy; it's actually a very sound one. It's the way it is implemented that makes it a problem. IT departments tend to ignore the human factor when they design security policies. Many employees can't remember two complex passwords, and some can't even remember one. By making employees change their passwords every two to three months, they further complicate the situation and pretty much force workers to engage in insecure practices in order to get their work done while also complying with company security policies.

This gives management a false sense of security when it comes to network security, since they don't even know where to look for possible problems. Let's say that someone copies down Susan's password and logs in as her - the network monitoring software simply assumes that she is working at 3 am. These security measures will not be able to stop such attacks until the breach has already been accomplished.
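The 3 am scenario above, as an added example that is not part of the original post: a per-user baseline of logon hours and source hosts lets monitoring question an off-pattern logon instead of accepting it. The log format, user names, host names and the two-hour tolerance are assumptions, and the records are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (timestamp, user, source host); assumed format.
HISTORY = """\
2008-11-03T08:55:10 susan ws-14
2008-11-04T09:10:42 susan ws-14
2008-11-05T17:48:03 susan ws-14
2008-11-03T22:05:00 nightops ws-02
2008-11-04T23:30:00 nightops ws-02
"""
NEW_LOGINS = """\
2008-11-10T09:02:11 susan ws-14
2008-11-11T03:04:57 susan ws-31
2008-11-11T00:20:00 nightops ws-02
"""

def parse(text):
    for line in text.splitlines():
        ts, user, host = line.split()
        yield datetime.fromisoformat(ts), user, host

def build_baseline(history):
    """Per-user sets of logon hours and source hosts seen in the history."""
    hours, hosts = defaultdict(set), defaultdict(set)
    for ts, user, host in parse(history):
        hours[user].add(ts.hour)
        hosts[user].add(host)
    return hours, hosts

def hour_gap(h, known):
    """Smallest circular distance (0-12) from hour h to any known hour."""
    return min(min((h - k) % 24, (k - h) % 24) for k in known)

def flag_logins(history, new_logins, tolerance=2):
    hours, hosts = build_baseline(history)
    alerts = []
    for ts, user, host in parse(new_logins):
        reasons = []
        if user not in hours:
            reasons.append("no baseline")
        else:
            if hour_gap(ts.hour, hours[user]) > tolerance:
                reasons.append("unusual hour")
            if host not in hosts[user]:
                reasons.append("new host")
        if reasons:
            alerts.append((ts.isoformat(), user, reasons))
    return alerts
```

The night-shift account logging on just after midnight stays quiet because the hour distance wraps around the clock, while Susan's valid password used at 3 am from an unfamiliar host is flagged for review.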

Password security that is not properly implemented does not come without a cost. Resetting passwords can take anywhere from 20 to 50 percent of an IT department's time - this translates into about 70/occurrence. This time and money could be put to better use by your IT department. There are other costs as well: lost productivity every time employees are unable to access the network.

A rule of thumb to keep in mind is that the greater the level of password security without a convenient management system in place, the more frequently you'll need to do password resets. Smartcard security tokens offer a solution that balances productivity, security and technical support.

Smartcard-based security tokens allow employees to manage network and computer security together without compromising the security of your corporate network. They do this by:

1. Providing dual two-factor authentication - the user has the card (something they have) and the PIN (something they know). The computer has the card (something it has) and the stored complex passwords (something it knows).

2. Being portable to different machines.

3. Ensuring no information is stored on the machine for prying eyes to find and use.

4. Convenience - the user only needs one password.

5. Employees always having possession of their passwords.

6. Keeping card data securely stored and protected in the event that the card is stolen or lost.

7. Storing passwords for a number of accounts on the card.

Smartcard-based security tokens keep data thieves from simply looking over someone's shoulder to get passwords, or looking for notes taped to desks or in drawers bearing this information. If each account is set up with its own unique password, then even if a data thief somehow gets one password, all other accounts are still secure. Smartcard-based security tokens allow people to stay within IT security policies and keep corporate networks better protected while giving employees the convenience they need and want. This can make even the most careless employee a security-conscious one.

About the Author

Dovell Bonnett is the inventor of "On the internet Identity Theft Aid For Dummies® - Current LogOn Edition", founder CEO of
