JP Vossen on 2 Oct 2008 09:10:44 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] eeePC partitioning suggestions

 > Date: Thu, 2 Oct 2008 11:07:58 -0400
 > From: Art Alexion <>

 > Knowing my users, I am considering two problems.
 > Second involves the password itself. It can take up to a month to
 > teach our users that their VPN password is different from their NT
 > password, and that their UID and PWD are different on these shared
 > laptops from their desktops.  When the laptops come back, the UID/PWD
 > is usually on a post-it on the wrist rest area of the keyboard.  I can
 > only assume that the encryption password will be stuck there as well.

That's a really good point, and I don't think you'll find a technical 
solution for it short of two-factor authentication, which I doubt is 
feasible for this project.  Is there a chance you can get upper 
management's support though?  If no, then fully document the issue and 
forget it, but if yes, have them create and enforce a policy that 
requires encryption and forbids keeping the password anywhere near the 
device.  (I know, easier said than done.)

What I mean is, your users are going to write it down anyway, so don't 
fight it.  Since the ID and password are different anyway, fine.  Give 
them a laminated card with the UID, password and encryption password on 
it.  Per upper management policy, *require* that the card be kept in 
their wallet or on their key chain and never, ever, stored with the 
laptop or left in the car, or elsewhere.  Anyone found in violation will 
be etceteraed.  Change the card every time the device is issued if you 
want too.  Give them a printout of stuff from if 
you think it would help.

 > I really don't care about their data, and our only concern would be

Right, and that's a stick to use with management.  I don't like selling 
security using fear, but if nothing else will work...  :-( might be of use.  Or, they might decide they 
would be in good company and let it go.  :-/

You know your users and management better than I do, so I hope this is 
useful or at least sparks some ideas...

Good luck,
JP Vossen, CISSP            |:::======|        jp{at}jpsdomain{dot}org
My Account, My Opinions     |=========|
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --