Forwarded from: Richard Forno <rforno (at) infowarrior.org>

> "Everyone has to complete their annual information assurance
> training," he said. "Unauthorized e-mail accounts can open up the
> system to hackers--so avoid them. You need to keep your system
> password secure and not write it down where it can be easily seen and
> you should not tell others what it is.

Of course this is the DOD, who has a record of making password requirements so cumbersome that users with the best of intentions are forced to write them down at times, at least based on some of the networks I've been on over the years and the security policies governing them. I suspect many of their requirements for 'good' password security actually contribute to greater password insecurity by folks circumventing that policy in the interests of performing their regular jobs.

> Seth Gang, NETWARCOM's identity protection and management manager,
> talked about the importance of securing CACs, which allows personnel
> to have a cryptographic log-on to the network.
>
> "You must have physical possession of your CACs at all times," said
> Gang. "It doesn't matter what you are doing; if you go to the grocery
> store, or you are in your home, it must always be in your possession."

Not owning a CAC card or being part of the DOD infosec funhouse, does this "always in your possession" policy somehow suggest a vulnerability with the CAC card system that's not widely known? One would think the loss of a CAC card, either intentionally or deliberate, would not present a single debilitating point of failure in the DOD infosec architecture. I have CAC-like cards/devices for other organizations and never was told it had to be in my possession 100% of the time.

Curious.

-rf

Received on Tue Mar 03 2009 - 01:06:11 PST