Home page logo

basics logo Security Basics mailing list archives

Re: Wireless Guest Access
From: rohnskii () gmail com
Date: 14 Dec 2007 00:48:17 -0000

However, they give the same id and password to a bunch of consultants and only change it every 30 days.

I'll leave the technical points to others, but will comment on the ID/Password situation. 

You have security concerns, yet you allow userid sharing?  In this situation I would think that at the very least you 
would require unique userid's so you can track individual contractor access.  And for these ID's you should enforce a 
rule disallowing multiple connections per ID.  As well, you should be logging and tracking access by these id's even 
more closely than you do your internal employees.  Don't you want/NEED to know specifically what files/folders these 
outsiders are accessing and what they are doing to them (Create,Read,Update,Delete)?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]