Network Password Policies and Authorization Considerations
To meet the requirements of adequately protecting the organization's computer system from malicious infiltration, it is essential that the information technology (IT) manager establish, monitor, and enforce company policies to ensure the security of authorized network users' passwords and authentication. On one hand, password security and authentication protocols are only component parts of a comprehensive approach to network security; on the other hand, they are two of the most effective components that can be fully implemented at comparatively little cost in relation to other aspects of computer network protection.
Furthermore, according to most cyber security experts, merely enhancing password protection protocols and implementing appropriate authentication security layers is sufficient to prevent the vast majority of attempted malicious system infiltrations. That is largely because relatively sophisticated infiltration methods are much less frequent than less sophisticated ones, such as those that exploit elementary violations of fundamental password security and authentication mechanisms.
The vast majority of malicious professional computer network infiltration attempts involve fundamental breaches of basic password security protocols (Kizza, 2005). Typically, unauthorized entities conduct probes of computer networks via specialized applications capable of conducting thousands of attempts per second, systematically trying letter and number configurations according to algorithmic formulas based on the statistical frequency of specific letter combinations and number sequences (Larson, 2007). In that regard, some of the costliest network infiltrations have actually been traced to the failure of authorized users to change their terminal passwords from "password" as instructed (Larson, 2007).
Therefore, the single most important aspect of password security can be implemented without any direct costs except for the nominal costs associated with the amount of time necessary to monitor compliance. All network authorized personnel must be instructed to use "strong" passwords consisting of at least 8 characters; the passwords must include at least one upper and one lower case letter, at least one Arabic number, and at least one "special character", and must avoid any form or abbreviation of the user's first or last name (Boyce, 2002; Kizza, 2005).
Network administrators must also implement applications capable of ensuring compliance by automatically rejecting improper password choices. Additionally, administrators must require authorized users to change their passwords at specific intervals. Finally, office managers must monitor compliance with common-sense rules about behavioral aspects of password security, such as prohibiting users from divulging passwords to co-workers, requiring users to log off if they leave their terminals, and providing training in recognizing attempted social engineering to obtain secure information through deception (Larson, 2007).
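The automatic rejection of improper password choices described above can be sketched as follows. This is an added example, not code from the paper; the function names, the sample users, and the choice to treat any leading run of three or more letters of a name as an "abbreviation" are assumptions.

```python
import re

MIN_LENGTH = 8  # minimum length stated in the policy above


def name_fragments(first, last):
    """Forms of the user's name to reject: the full name and any leading
    abbreviation of 3+ letters (the 3-letter floor is an assumption)."""
    frags = set()
    for name in (first, last):
        letters = re.sub(r"[^a-z]", "", name.lower())
        for end in range(3, len(letters) + 1):
            frags.add(letters[:end])
    return frags


def policy_violations(password, first, last):
    """Return the list of policy rules that the candidate password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper case letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lower case letter")
    if not re.search(r"[0-9]", password):
        problems.append("no Arabic number")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("no special character")
    # Compare letters only, ignoring case, so separators such as
    # "D.a.n.a" do not hide a name inside an otherwise strong password.
    letters_only = re.sub(r"[^a-z]", "", password.lower())
    if any(frag in letters_only for frag in name_fragments(first, last)):
        problems.append("contains a form of the user's name")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates for a constructed user.
    for candidate in ("password", "Whit#2024x", "D.a.n.a#2024Zq", "Tr0ub4dor&Kite"):
        result = policy_violations(candidate, "Dana", "Whitfield")
        print(candidate, "->", result or "accepted")
```

The letters-only comparison is deliberately conservative: it can reject a password whose letters happen to spell part of the name, which is the safer failure for this rule.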