Dustin Puryear wrote:
> Agreed. How often do people tie their VPN into, for example, AD or
> LDAP? And how many people tie their email credentials to, for example,
> AD or LDAP? So if I get your email credentials from your lost
> cellphone or PDA, then I have your VPN credentials..

As I'm sure you know, security is best as a layered system. You want to implement security measures as needed to raise the bar as high as possible for the bad guys while still allowing useful work to get done by your users, all the while paying attention to the law of unintended consequences.

The question you are really asking is about the benefit of compartmentalizing different services into different access schemes versus the benefit of a single sign-on system. On its surface, different passwords yield better security while single sign-on yields better convenience. However, due to the law of unintended consequences, if you require myriad different passwords, you are greatly increasing the chances that your user will use a less secure password (because they have to think of more passwords), that your user will write those passwords down on a sticky note or in an otherwise less than secure system (because they have to remember the passwords), and that your user will lose one or more of them (because they have to keep track of the passwords). Also, as was pointed out, when a user does lose a password (or all of them, in the very likely case of them using the same password everywhere, or the slightly less likely case of them keeping the passwords all together), you are making them go through more work to change it, and therefore there is more chance that they will either not change it at all or not change it correctly.

So, for multiple passwords to be a net win, you need users that are able to properly create, manage, and secure multiple passwords. In either case, it's back to the quality of your users. And, being security-minded, I'm sure that having the entire security of your network be reliant on the quality of your users is making alarms go off in your head. Therefore, it's better to assume that the bad guy is going to get the password of your average user (because it's going to happen at some point anyway), and design the layers of your security around that fact.

I'm not saying to abandon the security of your passwords, by the way.. just don't base all of your security around it. For the particular question of a separate email password versus one password for everything else, that really depends on your environment, your users, and what you are securing -- the classic security trade-off between secure versus usable. There's no one correct answer.

Note that above I am still talking primarily about network security. As far as data security, passwords offer little protection beyond the quality of your user with respect to the data they legitimately have access to. So, in my mind, I equate data security with network security in that I don't want them to be able to leak data they don't have access to... in fact, I don't want them to have access to it :-)

> This really has nothing to do with admins.

Not really, no.. that was mostly a sarcastic remark, which nevertheless does point out that your admins need to be above-average users, for whom different passwords could work more effectively.

Kevin

>
> Wednesday, February 14, 2007, 6:40:32 PM, you wrote:
>
>> The admin isn't the only user that has valuable information. I don't
>> think we are talking only about network security, but data security as well.
>
>> --mat
>
>> Kevin Kreamer wrote:
>>> Dustin Puryear wrote:
>>>
>>>> What are your thoughts on whether email accounts should be separate
>>>> from normal network accounts? Pros? Cons? Should companies just not
>>>> allow external access to email via POP or IMAP and just require
>>>> Webmail access so users have to manually enter passwords? Does that
>>>> solve the real problem? I'm interested in hearing what everyone has to
>>>> say.
>>>>
>>> I'm going to add here the opinion that if your network security relies
>>> on the security of non-admin user passwords, you've already got
>>> problems. Likewise if your admins pick insecure passwords or write them
>>> down on sticky notes.
>>>
>>> Kevin
