Security policies can cause violations of network data
It is strange how the network security policy in place in a company can actually damage, rather than enhance their security. Security measures are too stringent can lead to employees going around security for convenience. Employees can actually create security vulnerabilities which your IT department may not be able to protect themselves against, they do not know it exists! Not long ago, I spoke with the sales manager for a large company (I’ll call Susan.) Your company’s IT department requires that the passwords used for its network of at least eight characters long and consist of a random combination of letters, symbols and numbers. You should also change your password every sixty days. While Susan is consistent with the security policies implemented by the IT department, if you were to enter his office, she has her password to sign written on his desk – “Password: 1JY ^ hndT. The environment work in many companies today is the lack of staff, tight deadlines and long hours. When you add a new complication in the lives of employees already overworked, it is natural to choose the comfort of security. ” You see everyone is doing, the CEO until now. Although this seems like a good idea to remember complex passwords have employees, what happens in practice is that it slows things down and led to the safety of circumvention. The real problem is not policy Security is really very good – it’s the way it is done becomes a problem. IT departments tend to ignore the human factor in security policy design. Most people do not remember two complex passwords, and many can not even remember one! By making employees change their passwords every two or three months, further complicate the situation and practically force employees to participate in unsafe practices in order to do their work without losing sight of policies security business. This gives a false sense of security management when it comes to network security, and do not even know where to look for potential problems. Suppose someone copies Password Susan and connects because – monitoring software the network simply accepted as fact that she works at 3:00. These security systems will not be able to prevent these attacks until the damage is done. Password Security offers no practical application is not something that comes without a cost. Resetting passwords can take 20% to 50% of the time computer service – this translates into about $ 70/incident. The time and money could be better used by your IT department. There are other costs , loss of productivity when employees can not access the network. A basic rule to remember is that the higher the level of password security without a practice management system in place, the more often you need to reset your password . security tokens with smart card provides a solution that combines productivity, security and technical support. intelligent security based on smart cards to allow employees to manage the network and computer security are without compromising the security of your corporate network. They do this by: 1. Offering dual two-factor authentication – the user has the card (have) and PIN (something they know). The team has the card (it has) and passwords stored complex (something he knows ). 2. Be portable to other machines. 3. With no information is stored on the computer for prying eyes to find and use. 4. Convenience – the user only needs a password. 5. The employees still have possession your password. 6. token data is safe and protected in the event that it is stolen or lost. 7. The chip can store the passwords for multiple accounts. security chip based smart card to prevent thieves simple search data in someone’s shoulder to find passwords or search for notes registered office or inside drawers on this information. If each account is in line with its own unique password, even if a data thief becomes a kind password, all other accounts are still protected. security chip based smart card to allow workers to remain in IT security policies and maintain corporate networks more secure while offering the convenience of employees want and need . It can even be used as a reckless safety awareness.
Why security issues can be bad news
If the services of Web-based access, such as social networking sites, forums, messages or applications, online banking, you’ve probably had to register a user account. This long process that you must enter a user name and password (or get one assigned to you), which provides a sense of security when accessing the service.
Since a good password (no computer, the words “or” secret “) can be almost impossible to remember (as a combination of characters of ten letters, numbers and punctuation), many services are now using a Security Question” can answer if you forget your username and / or password and need to recover or restore them. By providing a safety issue, these services can help ensure that c ‘really is when a request is made for information access.
Some websites may require even answer this security question and password each time you use their services, offering a level of security expected second account.
Security issues are normally supposed to make you remember, the information should not change. Several common examples are:
* School participated for the first time
* Maiden name of mother
* Name of first pet
* If the spouse is fulfilled
Some sites force you to answer a popular question is predefined maiden name of his mother. Others offer a list of questions to choose from, but some may be able to write their own questions and answers. This allows you to enter private information such as your favorite band name, the name given to the pet rock, or display of celebrity that you place on your wall as a child.
Unfortunately, the answers to some security issues are well known, easy to find, are available online or can be found in public records or a private detective (and if someone wants access to your account, they can through a difficult time .) Therefore, these issues, but is expected to provide a second level of security or eliminate the need for customer service representatives to verify their identity when applying for a new password, you can cause all sorts of problems.
Especially if only a question of security is necessary to obtain or reset a password, or even a combination of a security issue and other personal information, if anyone can guess or get answers to your questions is hunting season in your account!
This type of security question and piracy can not answer and touched many people, including celebrities. For example, according to reports, the interim 2008 Republican vice-presidential nominee Sarah Palin email when someone has violated would have responded to some questions on an application for password reset. These questions have been her birthday, zip code, and where she met her husband (Wasilla High), the information available online or easily guessed.
Now that you know how it can be easy for others to access your account through a security problem, what can you do to protect yourself?
* If the choice, choose the topic of security offered by darkest or write your own question and answer if this feature is available. Choose something that you and only you can know – something that is positive is not available in public records, the Facebook page, or anywhere else online. Never use the name of your mother’s maiden Social Security number, or place of birth, which can be found or because the safety of other issues of privacy and if someone has hack account and read the answers to your security questions.
* Ask for each different security service. Regardless of the level of security that makes your account may be hacked due to poor safety procedures of the web service provider or because an inside job. Someone could read the answers to your questions about the safety and use them to access their accounts at other sites!
* Consider treatment answer your security question as a second password. You can encrypt the response by replacing the letter “O” with a number 0, the letter “L” with number 1, the letter ‘a’ with the @ symbol, etc, but dictionary attacks become more advanced may become less effective. Or “crazy” and create absurd responses, such as their passwords as a combination of letters, numbers and punctuation symbols.
The disadvantage of this method is that your answer may be impossible to remember to store somewhere. And if you forget your secret answer or not found, it may never be able to reset your password! As best you can be able to call customer service or send a copy of your identification to prove their identity. This process may take some time, a problem if, for example, must use an online banking service to pay your utility bill today. And remember that some sites may require you to answer the security question each time you connect, not just if you forget your password.
Although the user Web site security account used to run around a user ID and password, security issues have become very common, especially in the verification of the user during password recovery password. If you are forced to answer this question, try to choose the most obscure as possible so it is not difficult to guess or found. Make different security at each site if your account is hacked again and read their responses. Finally, consider addressing the issue of security as a second password, which makes it more difficult to decipher cryptic. Security issues have become a modern reality of life on the Internet, to learn to use them to your advantage.
Copyright 2009 Andrew Malek.