Re: How to prevent a controlled password from being handed out..
You'll finally meet with someone that has no shame -- and then what? :) * * *ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of Technology for the SMB market… * On Mon, Jun 4, 2012 at 12:22 PM, David Lum david@nwea.org wrote: In our case it was the administrative PGP encryption password that would let you log in to any encrypted system. Our Service Desk would occasionally hand it out to users instead of going through an extended rigmarole to get in themselves: Make it something embarrassing to say! ** ** I did this a few months ago and it has worked wonders…I am certain they haven’t handed it out to anyone, but J *David Lum* Systems Engineer // NWEATM Office 503.548.5229 //* *Cell (voice/text) 503.267.9764 ** ** ** ** ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: How to prevent a controlled password from being handed out..
or you get somebody that will take offense and report it... - Original Message - You'll finally meet with someone that has no shame -- and then what? :) ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market… On Mon, Jun 4, 2012 at 12:22 PM, David Lum david@nwea.org wrote: In our case it was the administrative PGP encryption password that would let you log in to any encrypted system. Our Service Desk would occasionally hand it out to users instead of going through an extended rigmarole to get in themselves: Make it something embarrassing to say! I did this a few months ago and it has worked wonders…I am certain they haven’t handed it out to anyone, but J David Lum Systems Engineer // NWEA TM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: How to prevent a controlled password from being handed out..
Do the same as the cryptography itself, which serves to make the system orders of magnitude more expensive to crack than the value of the data secured... Choose a master password too outlandishly annoying to enter or speak: o(O|(l1__|a8Bbq`bB0fvF'|lpsO or the like. Then, simply write network egress and Exchange transport rules that look for the last five characters in email or IM and automatically start an HR termination on the sender. Easy! --Steve On Mon, Jun 4, 2012 at 12:22 PM, David Lum david@nwea.org wrote: In our case it was the administrative PGP encryption password that would let you log in to any encrypted system. Our Service Desk would occasionally hand it out to users instead of going through an extended rigmarole to get in themselves: Make it something embarrassing to say! I did this a few months ago and it has worked wonders…I am certain they haven’t handed it out to anyone, but J David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: How to prevent a controlled password from being handed out..
Require a second factor of authentication that is of a something you have variety (smartcard, OTP etc.)? Cheers Ken From: David Lum [mailto:david@nwea.org] Sent: Tuesday, 5 June 2012 12:23 AM To: NT System Admin Issues Subject: How to prevent a controlled password from being handed out.. In our case it was the administrative PGP encryption password that would let you log in to any encrypted system. Our Service Desk would occasionally hand it out to users instead of going through an extended rigmarole to get in themselves: Make it something embarrassing to say! I did this a few months ago and it has worked wonders...I am certain they haven't handed it out to anyone, but :) David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin