
SUMMER 2015

Distributor's Link Magazine Summer Issue 2015 / Vol 38 No3

26 THE DISTRIBUTOR’S LINK

Don Conant

Don Conant is the General Manager of Valley Nut and Bolt Company, Inc. in Olympia, Washington. The company is a fastener distributor and steel products manufacturer servicing the Pacific Northwest since 1969. Don is also Assistant Professor and Director of the MBA Program at Saint Martin’s University in Lacey, Washington. He earned his Master’s Degree in Business Administration from Saint Martin’s and his Ph.D. in Leadership Studies from Gonzaga University in Spokane, Washington.

FASTENER DISTRIBUTORS NEED A PASSWORD MANAGEMENT POLICY

On December 19, 2013, Target announced that hackers had breached its network, stealing information from 40 million credit and debit cards. The market reacted by avoiding the retail chain during the holiday shopping season. Target posted a 46 percent drop in fourth quarter earnings compared to the previous year. The hackers gained access to the Target network through an HVAC subcontractor that had been granted access to the Target network to facilitate electronic billing, contract submission, and project management. Hackers often begin their attacks on large systems by attacking smaller vendors whose IT system security policies are lax. Every organization, large or small, needs to develop a reliable and sustainable IT security system.

A password management policy is the starting point for any IT security system. In a connected environment, passwords serve as the gatekeepers. In this article I will summarize some of the best practices small businesses can implement to ensure their password management policy limits access to authorized personnel only. I will summarize the conflicting expectations that exist between system users and system managers, provide some best practices for password management, and make a few suggestions for policy implementation.
Conflicting Expectations

A National Institute of Standards and Technology (NIST) report on password management behaviors referred to the conflict between the expectations of users and system administrators with regard to password management policies. Users want passwords to be easy to remember, they want to use the same password across multiple systems, and they don’t want to have to change their passwords. On the other hand, system administrators want long passwords that use upper and lower case letters, numbers, and special characters; they want a different password for each system; and they want users to change their passwords frequently.

Companies that disregard the recommendations of system administrators significantly increase their chances of experiencing a security breach. However, companies that ignore the expectations of users may drive frustrated users to write down passwords and hide them near their workstation or cause users to waste time resetting forgotten passwords. Is it reasonable to expect users to recall from memory multiple complex passwords that change without repetition two or three times a year? Users might be able to remember a few complex passwords that they use regularly, but what about passwords that are used infrequently?

Best Practices

There are no simple or complete solutions to this problem. Some companies allow users to password protect their computer and then let their web browser store and manage their passwords. Unfortunately, web browsers are made primarily for web browsing, not for password security. Other companies employ software specifically written to store and manage passwords securely. Both of these approaches share similar vulnerabilities. They both put all of your passwords in one place and use a password to control access.

As with many problems, every solution involves a tradeoff. There are solutions that are better than others at satisfying the expectations of users and system administrators. I will focus on six practices that, if followed, will improve the security of most systems. These practices are training, strong passwords, unique passwords, changing passwords, keeping passwords secret, and intruder lockout features.

CONTINUED ON PAGE 134
