The Wrong Way To Keep List Of Passwords Case Study

¶ … Email Spreadsheet Dear Mr. Rocco,

After conducting a review of some of your systems and files, I came across something that you should be aware of. In one of the share folders that is amongst your network drives and storage, a file that contains the emails and passwords of your staff was present in the form of a spreadsheet with no apparent security measures present. This is unwise and needs to be changed for a number of reasons, and they are as follows:

• Having such a file present in an insecure area makes the file and its information potentially available for anyone that happens to find it. This is obviously something that cannot be allowed.

• Even if the file was only available for the IT staff that is doing password changes and the like, not even they should have direct and unfettered access to that information. They should indeed be able to verify identity and reset password information. However, the IT users themselves should not have access to that information because there is no need for them to have it themselves and the IT staff could, in theory, use the username and password information to do things in the name of other people without detection....

Generally speaking, the only person that should have access to a certain account and its password is that person, without exceptions for the most part.

• A middle ground that could be used is to have a default reset password that people use, and then the person whose password is being reset must change it right away.

• Regardless of the system and procedure that is used, the passwords should never be in a share or a file that is not completely secure, and all of the personnel should be using the exact same procedure and systems to do password resets. It should be available to the IT staff and other authorized personnel and that is it.

• One consideration that should be kept in mind when it comes to a unified and secure solution is access to whatever solution and procedure is in question when the IT staff is away from the office. That is apparently at least part of the problem that must be dealt with.

• Once a revised solution is decided upon, absolutely everyone should be required to update their password, whether they are currently on the sheet or not.

• The users who have been using that spreadsheet must be made to agree…

