{"id":158,"date":"2006-10-26T00:00:00","date_gmt":"2006-10-26T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2006\/10\/26\/super-power-password-protection-watching-you-watching-me\/"},"modified":"2021-12-30T11:36:37","modified_gmt":"2021-12-30T11:36:37","slug":"super-power-password-protection-watching-you-watching-me","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2006\/10\/26\/super-power-password-protection-watching-you-watching-me\/","title":{"rendered":"Super Power Password Protection &#8211; Watching You Watching Me"},"content":{"rendered":"<p>Confidential emails, files, financial data, instant messaging data, you name it, find their way into the public domain and overnight a company is faced with a crisis or an individual\u2019s private indiscretions become public property.  And regardless of whether or not in some cases there may be an issue of the &#8220;greater good&#8221;, ultimately questions have to be asked as to why nothing seems to be confidential anymore.  So who can have access to information, and why in spite of all the security that organisations have in their IT infrastructure is this still a daily occurrence?  In a recent Cyber-Ark survey of large enterprises over 50% of organisations admitted to rarely if ever changing the passwords for shared accounts in their infrastructure.  They are not being changed frequently according to the enterprise policy, mainly due to the overwhelming operation that must take place after their change &#8212; notifying administrators, changing scripts and applications and setting the passwords in services that use them.  
Even more revealing was the admission that although 99% of enterprises enforced password changes for users on their PCs, only 1% changed the administrator password on the same device, and in the vast majority of cases the administrator password was the same on every PC in the company.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In many enterprises today the task of system management has been outsourced, including the installation and provisioning of employees' workstations, with the result that these administrative passwords are controlled by third parties.  They can retrieve any file that the end user is working on, and since office documents set up local temporary files, when the user opens a file, it can be accessed by the intruder.<\/p>\n<p>Now you may be reading this and saying &#8220;this is just a re-hash of commonly known hacking risks&#8221;, and you would be right.  But in this case the risk is not the outsider but the insider who is trusted and whose job it is to actually look after your workstation and administer the network.  Access to a shared account must be logged, and the individual who requires a particular password should be required to provide a reason, and this request should be authorized &#8212; dual control.  
This is simply common-sense advice to any enterprise that values its confidentiality and is not in the business of unnecessary risk.<\/p>\n<p>The figures showing a decrease of 83% in burglaries in Cleveland identified that the decrease was a direct result of people taking the advice of the police about proper security measures.<\/p>\n<p>http:\/\/www.net-security.org\/article.php?id=954&#038;p=1<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-158","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=158"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/158\/revisions"}],"predecessor-version":[{"id":2645,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/158\/revisions\/2645"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\
/blog\/index.php\/wp-json\/wp\/v2\/tags?post=158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}