Art Alexion on 2 Oct 2008 10:00:51 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] eeePC partitioning suggestions

On Thursday 02 October 2008 12:10:33 pm JP Vossen wrote:
>  > Date: Thu, 2 Oct 2008 11:07:58 -0400
>  > From: Art Alexion <>
>  >
>  > Knowing my users, I am considering two problems.
> [...]
>  > Second involves the password itself. It can take up to a month to
>  > teach our users that their VPN password is different from their NT
>  > password, and that their UID and PWD are different on these shared
>  > laptops from their desktops.  When the laptops come back, the UID/PWD
>  > is usually on a post-it on the wrist rest area of the keyboard.  I can
>  > only assume that the encryption password will be stuck there as well.
> That's a really good point, and I don't think you'll find a technical
> solution for it short of two-factor authentication, which I doubt is
> feasible for this project.  Is there a chance you can get upper
> management's support though?  

I almost literally rolled on the floor laughing on that one.  They are the 
worst offenders.

> If no, then fully document the issue and 
> forget it, but if yes, have them create and enforce a policy that
> requires encryption and forbids keeping the password anywhere near the
> device.  (I know, easier said than done.)
> What I mean is, your users are going to write it down anyway, so don't
> fight it.  Since the ID and password are different anyway, fine.  Give
> them a laminated card with the UID, password and encryption password on
> it.  Per upper management policy, *require* that the card be kept in
> their wallet or on their key chain and never, ever, stored with the
> laptop or left in the car, or elsewhere.  

This is a really great idea.  It may not always work, but it is better than 
any idea I have read or considered for solving this issue.

> Anyone found in violation will 
> be etceteraed.  Change the card every time the device is issued if you
> want too.  Give them a printout of stuff from if
> you think it would help.
>  > I really don't care about their data, and our only concern would be
>  > HIPPA.
> Right, and that's a stick to use with management.  I don't like selling
> security using fear, but if nothing else will work...  :-(

I often feel like I work in a company where auditors who suggest "annoying 
security measures" are replaced with new auditors the following year.  Not 
really, but it feels that way.

> might be of use.  Or, they might decide they
> would be in good company and let it go.  :-/
> You know your users and management better than I do, so I hope this is
> useful or at least sparks some ideas...

I really like the wallet card idea.  Instead of fear and threats, it is just 
easy.  The people I work with respond better to easy than threats and fear.

Attachment: signature.asc
Description: This is a digitally signed message part.

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --