Great network security idea

Paraphrased summary from real dialog with a client:

Client: "We want users to have a 2nd password for our new intranet."

Consultant: "But you'll be using Windows integrated security already"

Client: "Right, but our users need to share their Windows usernames and passwords for other purposes, and we don't want someone else to log in to the intranet as someone else and see sensitive information."

Consultant: "You wha-- *choke* *snort* *cough* *spills coffee* *grasps holy amulet of network security*

Does anyone else see the fault in that reasoning? Holy crap. Welcome to the year 2006. This isn't a mom-and-pop shop we're talking about here either.

Print |

posted Friday, February 10, 2006 10:29 AM

filed under [ Code ]

Comments

# re: Great network security idea ::: Matt Shannon said...

There are still places out there that have the username and password set to the SAME value. Or worse, nothing at all.

Posted @ 2/10/2006 10:51 AM

# re: Great network security idea ::: IWKID said...

...... sigh.

Posted @ 2/10/2006 11:03 AM

# re: Great network security idea ::: Jake Good said...

Do you even realize how easy it is to social engineer people for their passwords? Incredibly easy...

"High, my name is Jeff from MediaCom, It seems as though we're having trouble with your cable internet service. We've been trying to check to see if your computer has been online the last few days due to outtages and we're unable to. If you could give us your password to log into your computer, we can quickly check to see if you're connected properly."

or

"High, this is Doug from t-mobile and we seemed to have lost your online password from our records. If you can remember what it is, we can enter it back into the database for you automatically."

hell, half the people out there put their passwords on post-it-notes.

Posted @ 2/16/2006 3:30 PM

Great network security idea

Comments

Post a comment

Search

Tags

Post Categories

Archives