Re: Security procedure question

Even so if the method i mentioned previously on this thread is applied , even if the user is foolish enough to avoid or unable to understand and apply the theory of a password then maybe they shouldn't be working anywhere near computers - but thankfully for the unbelievably stupid my method works since it applies to the following criteria:

1. Who you are (Biometric authentication)
2. What you know (The password of the unintelligent ignorant user)
3. What you have (The usb stick with the key on it)


To my opinion, any user not following a company's security policy should be either arrested for possible industrial espionage and/or sabotage of the company. The minimum impact should be his/her dismissal from the company as an employee.

Regards,
Mario A. Spinthiras







MandommGmail wrote:
I'm concerned about a user leaving the id and password on paper in or near the laptop.

There is no way one can defend against a user who decides to stick a sticky pad on his laptop and leaves his password there. The best encryption tool does not defend against human stupidity.

Alex
----- Original Message ----- From: "Saqib Ali" <docbook.xml@xxxxxxxxx>
To: "Brown, Sam" <sbrown@xxxxxxxxxxxxx>; <mario@xxxxxxxxxxxxx>; <lists@xxxxxx>
Cc: <security-basics@xxxxxxxxxxxxxxxxx>
Sent: Friday, September 22, 2006 1:26 AM
Subject: Re: Security procedure question


If you don't mind, can I ask what product you selected? There are some
full/whole disc encryption implementations that support TPM. See the
URL for description:
http://en.wikipedia.org/wiki/FDE#Full_disk_encryption_and_Trusted_Platform_Module


If your laptops are TPM enabled the full disc encryption software can
wrap the decryption key with TPM, so the user won't have to remember
or note down an extra username/password.

On 9/20/06, Brown, Sam <sbrown@xxxxxxxxxxxxx> wrote:
We're going to be deploying whole disk encryption to our laptops so I am
interested in hearing how others have distributed the software
encryption ID's and passwords to users. I'm concerned about a user
leaving the id and password on paper in or near the laptop.

Sam Brown


---------------------------------------------------------------------------

This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------





--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------

---------------------------------------------------------------------------

This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------






---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Relevant Pages

  • RE: Verifying E-Mail Addresses
    ... correspondence with the sender upon realizing your own ignorance, ... Original> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... Original> The NSA has designated Norwich University a center of Academic ... Original> in Information Security. ...
    (Security-Basics)
  • Re: lock down personal Win XP workstation
    ... How secure depends on what programs and versions you are currently using as well as what ports and applications you have running. ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic ... The NSA has designated Norwich University a center of Academic Excellence in Information Security. ...
    (Security-Basics)
  • RE: Unauthorised switchport access
    ... Subject: Unauthorised switchport access ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic Excellence ... in Information Security. ...
    (Security-Basics)
  • Re: Rights
    ... use it as the standard student logon, ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic ... The NSA has designated Norwich University a center of Academic Excellence in Information Security. ...
    (Security-Basics)
  • RE: RE: ADS Password Storage Protection
    ... The hash is the NT hash, which is a tough nut to crack. ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic Excellence ... in Information Security. ...
    (Security-Basics)