We are in the process of approving our ICT policies and migrating to SUSE and one of the things I did prior , was to monitor within the test group their online and offline habits.I have come to the conclusion that most users have little or no regard to network security.Most people think that its the duty of the system administrator to come up with policies that protect them from network security downtime's.To some level, its true, but also there are little other things that users do, that could compromise the security of the network.
Its amazing how users tend to respond quickly to online pop ups of winning Free iphones and cockroaches moving on the screen without knowing what is really behind this pop ups.This could be phishing or spyware platforms that could could compromise any network.
One thing I have noted in the past is the reluctance of users to have strong passwords(This are passwords that are more that 8 letters, a mixture of both alphabetical letters,symbols and numbers). They have a tendency of submitting spouse, children and parents names, which can be easily guessed.Most password policies recommend password change after a certain period of time, its unfortunate most users have a problem changing passwords and tend to ask the systems admin to increase the expiry period.
Some users tend to be power users, meaning they can be able to install applications on their computers on their own.Its amazing you will get so many applications installed without the user knowing what they are for, worse still, their impact and space size.
My friend told me of how they would send embarrassing links to colleagues when one left their workstation without logging in.It would be great if this was deployed everywhere, due to the fact that most employees do not find the need to lock their workstations when they leave, this can adversely affect the privileges approved if a malicious person abused them using your workstation and account.
I am advocate of open source platforms, and one thing I have learnt through using Linux SUSE is the ability to monitor the little things and come up with policies, access lists to match up to them, since the users at times do not care, or have no idea.
Have you used SUSE?Kindly share your thoughts on it.
No comments:
Post a Comment