Is network security too tough on the end user?

With time, trends come full circle.  Security is only as good as the tools you deploy, and insuring that they are properly used.  Why has the user again become the bane of the enterprise network administrator (if they really ever stopped)?

The enterprise user is where all the efforts of the enterprise network administrator are either successfully implemented or is completely negated.  Diligence by the enterprise network administrator has increased security ten fold, yet the user can unintentionally circumvent all that. Programs installed by the user can either bring in viri or trojans, or simple help give hackers a way in or out of the network or devices like the USB keys with storage space.  Enterprise users can unintentionally do as much if not more damage to a network then a determined hacker.

Security dictates that passwords be different (to prevent one comprise cascading to the others causing a total security breach) for each application.  In an example an enterprise network administrator has made complex (complex being a mixture of capitals, numbers and other letters like an exclamation “!”) passwords mandatory on all network resources, and these passwords must also be changed at intervals short enough to prevent them becoming cracked / brute forced. A major challenge being the time frame for each applications password renewal, I myself as security professional can at times feel burdened with all the passwords that I must remember to function everyday.

A normal day for me just from the password standpoint each one being different from the others:

Work process that require a password:

Badge in the building

Login to laptop

Launch VPN

Login to email

Expense report system

CRM tool

Travel booking website

Phone calling card

Conference call line

Human resources website

Team web calendar

Department intranet site

Internal training website

Electronic time card

Personal processes that require a password in the same day:

            ATM

            Message boards

            Bank website

            Other creditors and or online bill paying website

            PDA

To add insult to injury administrators can also configure these applications to prevent password recycling (where you use a previous password again).  This has lead many an enterprise user to secretly (or prominently) writing down their passwords. This leads to the full circle of trends, and this totally negates the purpose if the password being secret.

So what?s the answer? No passwords?  Little mini super secret notepads you hide in your underwear?  If your IT dept has the money to get a single sign on, does it work?  Most of the people that I talk to and all the places I have seen single sign on implemented don?t like it/nor does it work.  Poor implementation at this level is due to the single sign on uses some type of plug in for the applications, services packs and system setup is cost on top of the application it?s self.

What we need is an ISO Standard for passwords that all vendors must adhere to, and a set up API calls with the auth sitting in protected memory until being wiped or deleted for a new users to log in.  This way those applications can look at your original authentication for rights to launch the app.  This of course leads to how well the operating system can handle these protected memory space.  Windows .NET or what ever it?s called will let us know how close we come.  If Windows CE is supposed to out sell desktop licenses in the next five years, what does that do for security? 

And the pendulum swings.  Security is a concept, an unobtainable goal.  You never have a secure computer network, just one with security features.

The views expressed here are solely those of the author and do not reflect the beliefs of Digital Trends.

Gaming

EA is losing out on the true potential of Titanfall studio with ‘Apex Legends’

Apex Legends is a solid battle royale game, but one can’t shake the feeling that its creation was dictated by Respawn’s new owners: Electronic Arts. In the process, the studio’s soul could be lost.
Social Media

A Facebook, Instagram bug exposed millions of passwords to its employees

Facebook, Facebook Lite, and Instagram passwords weren't properly encrypted and could be viewed by employees, the company said Thursday. The network estimates millions of users were affected.
Computing

How to change your Gmail password in just a few quick steps

Regularly updating your passwords is a good way to stay secure online, but each site and service has their own way of doing it. Here's a quick guide on how to change your Gmail password in a few short steps.
Computing

After fourth attack, hacker puts personal records of 26M people up for sale

A serial hacker going by the name of Gnosticplayers is selling the personal data of 26 million people who have been using the services of six different companies from across the world.
Movies & TV

'Prime'-time TV: Here are the best shows on Amazon Prime right now

There's more to Amazon Prime than free two-day shipping, including access to a number of phenomenal shows at no extra cost. To make the sifting easier, here are our favorite shows currently streaming on Amazon Prime.
Gaming

The 'Anthem' demo's crash landing raises more questions than answers

Bioware bravely allowed gamers to see a large chunk of 'Anthem' over two demo weekends, but it backfired. Lackluster missions, performance issues, and muddled messaging over micro-transactions leaves the game with an uphill battle.
Computing

In the age of Alexa and Siri, Cortana’s halo has grown dim

In a sea of voice assistants, Cortana has become almost irrelevant. The nearly five-year-old voice assistant is seeing little love from consumers, and here’s why it is dead.
Gaming

Apex Legends proves battle royale is no fad. In fact, it’s just getting started

Apex Legends came out of nowhere to take the top spot as battle royale in 2019, and it now looks as if it'll be the biggest game of the year. Its sudden success proves the battle royale fad still has plenty of life left in it.
Home Theater

Apple is arming up to redefine TV just like it did the phone

Curious about what Apple's answer to Netflix will be? Us too. So we combed through some patents, and looked at the landscape, to come up with a bold prediction: Apple's streaming service will be way bigger than anyone thinks.
Home Theater

How the headphone jack helps Samsung out-Apple the king

Samsung’s latest flagship phones and wearables unveiled at the Galaxy Unpacked event had plenty of exciting new tech. But one of the most useful features Samsung revealed is also the oldest: The mighty headphone jack.
Gaming

Age of Empires II thrives 20 years later. Here's what Anthem could learn from it

Age Of Empires II is approaching its 20th birthday. It has a loyal following that has grown over the past five years. New always-online games like Anthem would love to remain relevant for so long, but they have a problem. They're just not…
Gaming

Devil May Cry is Fantastic, but I still want a DmC: Devil May Cry sequel

Capcom's Devil May Cry 5 is one of the best games of 2019 and a welcome return for the series, but its success should not discount just how wonderful Ninja Theory's DmC: Devil May Cry really was.
Smart Home

Alexa may be everywhere, but it’s Google’s Assistant I want in my home. Here’s why

The Amazon Alexa may have the Google Home beat in quantity of skills and compatibility with other products, but does that really matter when Alexa falls flat for day-to-day conversation?
Gaming

DMC 5’s greatness is a reminder of all the open world games that wasted my time

Devil May Cry 5 modernizes the stylish action combat while retaining its storied PS2 roots. More so, though, it reminded me that we could sure use more linear, single player games to combat the sea of open world games.