Passwords represent the essence of network security. Most systems you interact with on a daily basis have some form of password-related access control. From network infrastructure devices to mobile endpoints and out to the cloud – there’s an untold number of systems that rely, sometimes solely, on passwords to keep things secure. But you have to be careful. I often find password-related security oversights in the most secure of environments. Here are some tips for things you need to be on the lookout for:
Rather than these being intentional password security oversights, I think they’re simply a case of not being able to see the forest for the trees given how complex the average network is today. Still, all it takes is one weak password on one system to completely negate all other enterprise security controls. So, never forget that you could have the best security controls in the world but all it takes is one gullible and overly-willing user to provide their network login credentials when prompted with a cleverly-crafted phishing email.
Some people will argue that passwords are dead and we have to move on from such an archaic means of access control. That’s a great goal to have, but it’s not realistic, as I’m pretty sure we’re not going to see big changes in this area in the coming years. One or more of the password security risks I outlined above are present in most network environments, and they’re likely creating tangible risks in your business today. It’s up to you to figure out where the weaknesses are and do what it takes technically, culturally, and politically to address password issues where possible and necessary.