Re: [PLUG] eeePC partitioning suggestions

JP Vossen on 2 Oct 2008 09:10:44 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] eeePC partitioning suggestions

From: JP Vossen <jp@jpsdomain.org>

To: plug@lists.phillylinux.org

Subject: Re: [PLUG] eeePC partitioning suggestions

Date: Thu, 02 Oct 2008 12:10:33 -0400

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

User-agent: Thunderbird 2.0.0.16 (Windows/20080708)

> Date: Thu, 2 Oct 2008 11:07:58 -0400 > From: Art Alexion <art.alexion@gmail.com> > Knowing my users, I am considering two problems. [...] > Second involves the password itself. It can take up to a month to > teach our users that their VPN password is different from their NT > password, and that their UID and PWD are different on these shared > laptops from their desktops. When the laptops come back, the UID/PWD > is usually on a post-it on the wrist rest area of the keyboard. I can > only assume that the encryption password will be stuck there as well. That's a really good point, and I don't think you'll find a technical solution for it short of two-factor authentication, which I doubt is feasible for this project. Is there a chance you can get upper management's support though? If no, then fully document the issue and forget it, but if yes, have them create and enforce a policy that requires encryption and forbids keeping the password anywhere near the device. (I know, easier said than done.) What I mean is, your users are going to write it down anyway, so don't fight it. Since the ID and password are different anyway, fine. Give them a laminated card with the UID, password and encryption password on it. Per upper management policy, *require* that the card be kept in their wallet or on their key chain and never, ever, stored with the laptop or left in the car, or elsewhere. Anyone found in violation will be etceteraed. Change the card every time the device is issued if you want too. Give them a printout of stuff from http://datalossdb.org/ if you think it would help. > I really don't care about their data, and our only concern would be > HIPPA. Right, and that's a stick to use with management. I don't like selling security using fear, but if nothing else will work... :-( http://datalossdb.org/ might be of use. Or, they might decide they would be in good company and let it go. :-/ You know your users and management better than I do, so I hope this is useful or at least sparks some ideas... Good luck, JP ----------------------------|:::======|------------------------------- JP Vossen, CISSP |:::======| jp{at}jpsdomain{dot}org My Account, My Opinions |=========| http://www.jpsdomain.org/ ----------------------------|=========|------------------------------- "Microsoft Tax" = the additional hardware & yearly fees for the add-on software required to protect Windows from its own poorly designed and implemented self, while the overhead incidentally flattens Moore's Law. ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:

Re: [PLUG] eeePC partitioning suggestions
From: Art Alexion <art.alexion@gmail.com>

Prev by Date: Re: [PLUG] eeePC partitioning suggestions

Next by Date: Re: [PLUG] help with filling a sysadmin position

Previous by thread: Re: [PLUG] eeePC partitioning suggestions

Next by thread: Re: [PLUG] eeePC partitioning suggestions

Index(es):

Date

Thread