A Home User's Security Checklist for Windows
Scott Granneman, 2004-02-13

Most people don't secure their computers or act in a secure manner, and the main reason is that the average user just doesn't know what to do. Here is a checklist on security for home computer users that you can share with your friends, family, churches and clubs.

A Home User's Security Checklist for Windows 2004-02-15
Anonymous (2 replies)
announcements, not patches 2004-02-23
Paul D
Phishing 2004-02-23
Al Macintyre
Addendum 2004-02-16
Dirk (4 replies)
Addendum 2004-02-17
Anonymous (1 replies)
Addendum 2004-02-18
Anonymous
Addendum 2004-02-17
Anonymous (2 replies)
Addendum 2004-02-24
Al Macintyre
Addendum 2004-02-23
Anonymous
A Home User's Security Checklist for Windows 2004-02-16
Arthur Tvikrok (3 replies)
Registry editors removed 2004-02-20
Kelly Martin
Norton Doctor 2004-02-24
Al Macintyre
A Home User's Security Checklist for Windows 2004-02-17
Anonymous (1 replies)
A Home User's Security Checklist for Windows 2004-02-18
Anonymous (1 replies)
A Home User's Security Checklist for Windows 2004-02-19
Anonymous (1 replies)
A Home User's Security Checklist for Windows 2004-02-20
Anonymous (1 replies)
Alternatives 2004-02-24
Al Macintyre
A Home User's Security Checklist for Windows 2004-02-17
Anonymous
Please note that the following ramble is based on the tone of your original comment. It sounded like
you got frustrated with the user and things got
heated. If I've misread the tone, I do apologize.

I currently serve an Infosec function for my
company. We do both Awareness and Investigations.
The idea being that if we can train the users
better on the Awareness side, we'll (hopefully)
have less to do on the investigations side of
things. I've been doing this job for 3 years now.

I have to say your user is correct. Passwords are
out of control. Let's see, a password for the
workstation, password for internet access, password
for email, password for any applications... You
know the drill.

But let's not forget the other things that are
really passwords too, PIN Number for Voice mail?
Perhaps you're using SecurId, well there's another
PIN.

You seem to be aware that the users have home
lives, well they've got a bucket load of passwords
for home use. Passwords and PIN's out the Wazoo
(and yes, that's a technical term).

Passwords ARE out of control, and to make rules for
use that will be ignored instead of followed is not
the problem. An awareness program is necessary, and
if your company doesn't have one then you should
consider that you're serving that function
every time you talk to an employee about security.
If this new employee went away from that
conversation as upset as you appear to be, it's a
safe bet that he'll never come back to you for
help.

Yes, you're right, passwords shouldn't be written
down. But on the other hand no one should have to
recall a dozen (or more) passwords. And remember,
these passwords (at least at work) should be
changed three or four times a year.

You can talk to the users not about passwords, but
passphrases. Talk to them about using (where
possible) whole sentences, this way it's easier to
remember. A friend used to use song titles;
currently I'm making my way through Latin phrases.
It's a continuous process, think Awareness but sell
it like a product. From the point of view of
getting the message out it's not an awareness
program but an advertising campaign.

Ideally, at least in the corporate environment, we
should get away from passwords. Move into either
the biometric field or perhaps just start using
more token-based identification.

If those are too expensive or hard to implement,
maybe it's time to start considering that password
safes are needed on the desktop much like anti-virus
software.

I don't have the answer, but I know from experience
that the last thing you need to do is let the end
user see you getting angry or frustrated. Never let
'em see you sweat.


Link to this comment: http://www.securityfocus.com/comments/columns/220/25092#25092
A Home User's Security Checklist for Windows 2004-02-18
Patrick Balleux (1 replies)
A Home User's Security Checklist for Windows 2004-02-18
Anonymous (2 replies)
Safer OS 2004-02-24
Al Macintyre
A Home User's Security Checklist for Windows 2004-02-18
Ron O (1 replies)
Opt-out 2004-02-23
Anonymous
Nice Windows Advert at the bottom... 2004-02-18
Penguinisto (1 replies)
A Home User's Security Checklist for Windows 2004-02-18
Anonymous (1 replies)
Email attachments and FTP 2004-02-23
Anonymous
Passwords 2004-02-23
Al Macintyre
Disconnect from the Internet 2004-02-25
Cornelius (1 replies)
Re: Disconnect from the Internet 2005-09-19
Anonymous
A Home User's Security Checklist for Windows 2005-10-11
nietsec@gmail.com
Shared folders 2005-11-04
Eric the Addict







 

Copyright 2009, SecurityFocus