http://www.informationweek.com/news/security/vulnerabilities/231901118

By Mathew J. Schwartz
InformationWeek
October 19, 2011

One in four IT professionals say they know of at least one IT co-worker at their business who's used privileged login credentials to inappropriately access sensitive information. Furthermore, 42% report that IT staff freely share passwords and access to multiple business systems and applications.

Those findings come from a survey of 300 IT professionals--two-thirds of them working for businesses with 10,000 or more employees--recently conducted by Lieberman Software, which sells privileged identity management software.

When it comes to securing systems, experts recommend using long, random passwords that mix character types (uppercase and lowercase letters, symbols, and numbers), never reusing a password, and changing passwords with some frequency. But many end users fail to follow those recommendations unless faced with systems that automatically enforce password rules.

Interestingly, the survey found that the same holds true for many businesses' IT departments. In particular, 25% of survey respondents said that at least some of the superuser passwords that grant all-access rights to hardware, applications, or databases were less complex than the business' end-user password policies required.

Furthermore, since many of these superuser passwords were shared freely between employees, spotting inappropriate, administrator-level access to sensitive data and tracing it back to the person responsible would be difficult.

[...]

Received on Thu Oct 20 2011 - 01:56:16 PDT