Skip to main content

Is network security too tough on the end user?

With time, trends come full circle.  Security is only as good as the tools you deploy, and insuring that they are properly used.  Why has the user again become the bane of the enterprise network administrator (if they really ever stopped)?

The enterprise user is where all the efforts of the enterprise network administrator are either successfully implemented or is completely negated.  Diligence by the enterprise network administrator has increased security ten fold, yet the user can unintentionally circumvent all that. Programs installed by the user can either bring in viri or trojans, or simple help give hackers a way in or out of the network or devices like the USB keys with storage space.  Enterprise users can unintentionally do as much if not more damage to a network then a determined hacker.

Security dictates that passwords be different (to prevent one comprise cascading to the others causing a total security breach) for each application.  In an example an enterprise network administrator has made complex (complex being a mixture of capitals, numbers and other letters like an exclamation “!”) passwords mandatory on all network resources, and these passwords must also be changed at intervals short enough to prevent them becoming cracked / brute forced. A major challenge being the time frame for each applications password renewal, I myself as security professional can at times feel burdened with all the passwords that I must remember to function everyday.

A normal day for me just from the password standpoint each one being different from the others:

Work process that require a password:

Badge in the building

Login to laptop

Launch VPN

Login to email

Expense report system

CRM tool

Travel booking website

Phone calling card

Conference call line

Human resources website

Team web calendar

Department intranet site

Internal training website

Electronic time card

Personal processes that require a password in the same day:


            Message boards

            Bank website

            Other creditors and or online bill paying website


To add insult to injury administrators can also configure these applications to prevent password recycling (where you use a previous password again).  This has lead many an enterprise user to secretly (or prominently) writing down their passwords. This leads to the full circle of trends, and this totally negates the purpose if the password being secret.

So what?s the answer? No passwords?  Little mini super secret notepads you hide in your underwear?  If your IT dept has the money to get a single sign on, does it work?  Most of the people that I talk to and all the places I have seen single sign on implemented don?t like it/nor does it work.  Poor implementation at this level is due to the single sign on uses some type of plug in for the applications, services packs and system setup is cost on top of the application it?s self.

What we need is an ISO Standard for passwords that all vendors must adhere to, and a set up API calls with the auth sitting in protected memory until being wiped or deleted for a new users to log in.  This way those applications can look at your original authentication for rights to launch the app.  This of course leads to how well the operating system can handle these protected memory space.  Windows .NET or what ever it?s called will let us know how close we come.  If Windows CE is supposed to out sell desktop licenses in the next five years, what does that do for security? 

And the pendulum swings.  Security is a concept, an unobtainable goal.  You never have a secure computer network, just one with security features.

Editors' Recommendations

Zoom launches end-to-end encryption, but with a catch
zoom privacy feature freeze active users meeting office

Not before time, Zoom has finally gotten around to adding end-to-end encryption to its online videoconferencing service.

The security feature, announced by the company on Monday, October 26, is available now for free and paid accounts globally.

Read more
Apple’s iCloud went down for some users on Wednesday
icloud down

Apple's iCloud, the data storage and backup provider, went down Wednesday evening

Users began to experience outages with iCloud's web apps starting about 3:25 p.m. PT, according to Apple's System Status page. Several hundred people reported problems accessing iCloud on DownDetector.

Read more
Privacy-focused Brave browser tests end-to-end encrypted video calling
how javascripts creator will use blockchain to save the internet from ads brave browser lifestyle mem 2

Over the past few weeks, cracks have begun to appear in the security of the video-calling tools we evidently can no longer live without. None of them, including the likes of Zoom and Google Meet, secure your calls end-to-end, which means your data can be potentially accessed and viewed by these companies.

Brave browser wants to be the privacy panacea in this increasingly crowded telecommunications space, and to do that, it’s adding an end-to-end video-calling service. Called Brave Together, it lets users place unlimited, private one-on-one and group video calls right from the browser.

Read more