April 7, 2005
Volume 1, Number 3
In This Issue · ZAG Technical Services, Inc.
Technology Report: The Password Problem
Today, users are inundated with passwords. We have passwords for everything. In fact, counting Internet-based passwords, the average user has anywhere from five to thirty of them. The increase in the number of passwords that we are required to use has helped to create one of the leading causes of security failures on networks: insecure passwords.
We have so many passwords that we end up either making them all the same, keeping them in our PDAs or spreadsheets, or even keeping them on Post-It Notes on monitors. Often users share these passwords with each other, and companies never change them; even after a user quits the company, passwords are seldom changed.
The quest for tighter security in Corporate America today has actually created a great deal of insecurity. Many corporations even have problems with ex-employees still accessing company-funded web accounts without the company's knowledge or consent.
There is also a cost implication to passwords. Currently, 25% of all help desk calls are password related for the average company.
Some Possible Responses
There are different responses to this problem. Perhaps the most common response, unfortunately, is simply ignoring the problem. This response usually lasts until the company has one bad password experience.
A better response is the implementation of a Single Sign On (SSO) solution. With SSO, an employee uses a single password to authenticate against a service that hosts all of his or her passwords. This service then passes on the user name and password to the application. The end user only needs to know the single password (usually the user's standard Windows password) that authenticates to the SSO, and not the password for each and every other individual system.
The Citrix Answer
Citrix is one company that offers a great SSO solution. Known as Password Manager, it fulfils all of the above needs, in addition to others. For instance, the option exists to have the passwords automatically generated and changed in such a way that the end user doesn’t even know what his or her password really is. And, of course, the Password Manager program is uniquely suited to working in a Citrix Presentation Server environment.
Traveling users can keep a remote copy of their SSO info on their laptop so that they can still gain the benefit when they are off site. This database is highly encrypted to protect the passwords that are stored on the laptop.
The Password Manager solution from Citrix seems to be uniquely qualified to meet these needs. Please feel free to contact us if you would like more information.
ZAG now offers remote scans of networks for the fixed fee of $400. Included in this scan are results that are identified as Informational, Medium and High Severity security failures. A brief write-up to describe the important security failures is also included.
Users of this service have been amazed in some cases at the security holes identified within their networks. The scan includes searching for open ports as well as any flaws within the network on open ports. This scan is unobtrusive, so there isn’t a risk of damage to the network. Obtrusive scans are also available if you would like a deeper inspection of your security.
Please feel free to contact us for a further explanation of this service, or to get a sample report of the results.