I agree with Rob (rob@dekko.com) and some of the other comments about not using the typical "some part of the last name followed by some part of the first name" user profile format. In my previous life as a security director in the real world, I employed an alphanumeric profile format that had meaning to us on the inside, but not so much to someone just looking at a list of profiles.

The ultimate success level for a hacker attempting to gather this information can depend a great deal upon whether the user data or user naming convention has meaning. If user profiles are not traceable to a specific individual because they are generic or are in a format that does not uniquely identify the user, then the time required to derive the required information can be greatly increased.

"Unique" does not imply that the profile can simply be an abstract of the user's actual name (i.e., JONESR for Robert Jones). Name-based profiles are easily guessed and easy to hack. On the other hand, while using seemingly meaningless profiles like TR85GH4Q decreases the likelihood of profile guessing, the administrative overhead is greatly increased by having to track whom each profile belongs to in a separate file or location, along with many more calls to the Help Desk when users can't even remember their ID, let alone the password.

The best format for profiles is one that has meaning to the system administrators and is unique to the system AND will remain so even when user / employee turnover is considered. For example, a multi-office company can use an alphabetic character to begin each profile to identify geographic location, followed by two digits to identify status (perm or temp), and four digits to identify the individual user (employee number).

In this scheme, using 00 for permanent employees and 99 for temporary employees, a company with offices in Atlanta, Boston, and Phoenix could have profiles like this:

· A000257 Atlanta, permanent, Employee# 0257
· B001322 Boston, permanent, Employee# 1322
· P990033 Phoenix, temporary, Temp Employee# 0033

Using this scheme, an administrator can quickly identify the location and status of the user by the profile alone. Also, since most companies do not re-use employee numbers, these profiles remain unique long after an employee leaves the company. In a four digit employee number scheme, as many as 10,000 employees can "go through the turnstiles" before the risk of repeating an employee number arises.

Of course, regular review of user profiles and their settings is paramount to a pro-active security program. User profiles are one of the first things auditors review when assessing the security health of your systems, as do the hackers!!!

Steven Martinson
Product Marketing Manager, iSeries and AS/400
PentaSafe Security Technologies, Inc.
http://www.pentasafe.com
Toll Free: 1.888.400.2834, x9585
Direct Dial: 1.713.860.9585
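The location/status/employee-number convention described in the message, as an added example (not code from the original post or from PentaSafe): a decoder for that profile format plus a small audit routine that flags profiles which do not follow it (name-based IDs such as JONESR) and employee numbers that appear more than once. The location letters and status codes are assumed from the post's three sample profiles; the sample list is constructed.

```python
"""Decode and audit user profiles that follow the post's convention:
one location letter, two status digits, four employee-number digits."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed from the post's examples; a real site would load its own tables.
LOCATIONS = {"A": "Atlanta", "B": "Boston", "P": "Phoenix"}
STATUS = {"00": "permanent", "99": "temporary"}
PROFILE_RE = re.compile(r"^([A-Z])(\d{2})(\d{4})$")


@dataclass(frozen=True)
class Profile:
    location: str
    status: str
    employee_number: int


def decode_profile(profile: str) -> Optional[Profile]:
    """Return the decoded Profile, or None if it does not follow the convention."""
    m = PROFILE_RE.match(profile)
    if not m:
        return None
    loc, status, emp = m.groups()
    if loc not in LOCATIONS or status not in STATUS:
        return None
    return Profile(LOCATIONS[loc], STATUS[status], int(emp))


def audit_profiles(profiles: List[str]) -> Tuple[Dict[str, Profile], List[str], List[int]]:
    """Split a profile list into conforming entries and rejected ones, and
    report employee numbers reused across profiles (the post assumes they
    are never reused, so a repeat is worth a reviewer's attention)."""
    decoded: Dict[str, Profile] = {}
    rejected: List[str] = []
    seen, duplicates = set(), set()
    for p in profiles:
        d = decode_profile(p)
        if d is None:
            rejected.append(p)
            continue
        decoded[p] = d
        if d.employee_number in seen:
            duplicates.add(d.employee_number)
        seen.add(d.employee_number)
    return decoded, rejected, sorted(duplicates)


# Constructed sample: the post's three profiles, one name-based ID, and a
# Boston profile that reuses employee number 0257.
SAMPLE = ["A000257", "B001322", "P990033", "JONESR", "B000257"]
```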
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work.