01.20.10
The Weakest Link
By Rodney Sellers
Network security is one of the most important topics in IT. Everyone says they have the best solution and wants to sell it to you. The only problem is that most people overlook the weakest link in network security: the person behind the computer.
I have seen companies use hardware encryption, software encryption, or combinations of both and still get hacked. The reason, you ask? Because someone used a password of "password". Most people think that if they make a complex password policy, people will be forced to follow it. Not really. I have seen passwords such as Password$11. Then they just change the last two numbers until they reach 99 and then go back to 11.
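As an added illustration (not from the original article): a typical complexity rule accepts Password$11, while a check run at password-change time, when the old and new passwords are both in hand, catches the counter rotation described above. The function names and the short denylist are assumptions made for this example.

```python
import re

# Constructed denylist for this example; a real one would be a large
# breached-password list.
COMMON_STEMS = {"password", "welcome", "letmein", "qwerty"}

_EDGE_NOISE = re.compile(r"^[\d\W_]+|[\d\W_]+$")


def meets_complexity(pw, min_len=8):
    """Typical composition rule: length plus upper, lower, digit and symbol."""
    classes = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")
    return len(pw) >= min_len and all(re.search(c, pw) for c in classes)


def stem(pw):
    """Base word of a password: leading/trailing digits and symbols removed,
    case folded. 'Password$11' and 'Password$12' both reduce to 'password'."""
    return _EDGE_NOISE.sub("", pw).casefold()


def check_change(old_pw, new_pw):
    """Return the reasons to reject new_pw (empty list = accept).

    Meant for the change-password form, where the user has just typed both
    the old and the new password, so no stored plaintext is needed."""
    reasons = []
    new_stem = stem(new_pw)
    if not meets_complexity(new_pw):
        reasons.append("complexity")
    if new_stem in COMMON_STEMS:
        reasons.append("common-base-word")
    # An empty stem (all digits/symbols) says nothing about reuse.
    if new_stem and new_stem == stem(old_pw):
        reasons.append("counter-rotation")
    return reasons


if __name__ == "__main__":
    for old, new in [("Password$11", "Password$12"),
                     ("Password$99", "Password$11"),
                     ("Password$11", "correct-Horse7battery")]:
        print(new, meets_complexity(new), check_change(old, new))
```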
I have heard the argument that training will correct the issue. The person goes through training and signs the paper saying they went through training, but never uses what they learned. Most companies have a requirement for the number of training hours employees have to do per year. My previous job required 40 hours of training a year. This had to be done online at your computer, but for the help desk workers, this was a problem. They still had to take calls while doing the training. So what do you think they did? They just clicked through the training and everyone copied off each other. I was in many meetings about this issue. No one wanted to tell them they couldn't do it that way because that would mean none of them could get the training done. When you take 50-100 calls in an 8-hour shift, you don't have time for much else. They couldn't log off the phone to take the training because the help desk was already understaffed. The solution was to let them keep copying off each other, but if they did something wrong that was covered in the training, then they would be written up for it. Many people lost their jobs over this, and even more complaints were filed, but no one cared. The training was getting done, which made the supervisors and managers look good, and if you screwed up, then they could just replace you.
Training is a good start on getting people to understand the importance of network security, but you also have to give them time to go through the training. Don't always blame the person behind the computer either. Yes, they may have had an easily hacked password, but did they have good training? If they just clicked through it, as at my previous company, then they really didn't go through the training. Bad training policy equals bad network security.
About the Author:
Rodney is a staff writer for iEntry.