Much as I hate to say it, convenience may win here. I know, I know ..... it's bad form to have non-expiring passwords, etc, etc. Been there, preached that. However, the usability factor is a non-trivial design consideration, and even though we all agree that Sales people are not the most clue-ful when we talk about security, the sales person in this case under discussion does indeed have a valid point. Until we get to the point where everyone buys into PCI compliance in financial transactions, and where PCI itself sets passwords expiration policy for consumers as one of its standard requirements/benchmarks, the Sales person is right. Get the sales person's stance in writing. It's good for CYA. But, don't fight it. You have to know your consumers when you embark on any design project.
Sincerely,

Microsoft MVP - Directory Services
www.akomolafe.com - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

________________________________

From: Ramon Linan
Sent: Tue 9/19/2006 12:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] SHAREPOINT AND EXTERNAL LDAP

All these comments are great, does anyone have a url or document with a list of reasons for having the passwords expiring or explaining why it is not a good thing to have non-expiring password?

Thanks

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Kline
Sent: Tuesday, September 19, 2006 12:58 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] SHAREPOINT AND EXTERNAL LDAP

Interesting point....

It doesn't mean a darn thing but it would be interesting to see the sales folk squirm if they were asked to sign a disclaimer document stating that they'd be responsible for password related security breaches. What a shame it wouldn't be enforceable!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Sent: Tuesday, September 19, 2006 12:26 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] SHAREPOINT AND EXTERNAL LDAP

I have been told (BTW) by the patch management tool folks that still support customers that buy NT patches -- that their main customers that buy NT patches from Microsoft are banks and financial institutions.

Consider as well that when I walk into Bank of America they are running DOS based apps.

I wouldn't use "banks" as a shining example of security policy...when BofA has
1. allowed slammer to nail their ATM networks
2. Lost backup tapes causing identity theft
as two such shining examples of security policy in action.
Who's going to be on the firing line when something happens? Bank of America? Or your buns? If it's your buns, are you comfortable with not changing passwords?

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
> I have been involved in externally facing Microsoft sponsored
> extranet/Sharepoint sites.
>
> The password gets changed.
>
> We have a GUI web portal and we are forced to change the password.
> Sales people set your security policy these days?
>
> Ramon Linan wrote:
>> Hi,
>>
>> I have a SharePoint site for a client, it is driving me crazy because
>> the sales people are telling me that the users for this site, can't
>> have their password expiring. The client is a government agency, so I
>> don't want to be responsible for any information being stolen.
>>
>> How big of a security risk is not having password expiring? It seems
>> to me like security 101, but the sales guy is saying that banks don't
>> ask you to change your password every X day, good point.
>>
>>
>> Something I was thinking is having SharePoint authenticating with
>> their LDAP server, is this possible to do? Can anybody point to a url
>> on how to do this?
>>
>> thanks
>>
>> Rezuma
>

--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com

If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down...
http://blogs.technet.com/sbs

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx