
Keeping networks secure is an ongoing challenge for today's MIS department. Preventing malicious behavior by viruses and hackers, and preserving data integrity present two thorny problems. Also vital is preventing internal disruptions of network security, like changing passwords so disgruntled former employees won't trash the file server, or making sure file permissions deny embezzlers access to the payroll database.
Let's not, however, dead-bolt the front door while leaving a ground-floor window wide open. Despite our most sophisticated precautions, chances are many of your users leave their workstations at the end of the day without logging out of the network. So, who needs to guess their password?
How many times, late at night, have you seen monitors eerily glowing: "This will end your Windows session. Ok/Cancel?" A simple click on Cancel will allow any passer-by full access not only to that workstation, but also to a variety of network services.
More subtle is the danger to data integrity. If your user walks away from the workstation while still using network databases or other applications, the server might consider those applications' data files still open and they might be skipped on routine incremental backups, day after day. Similarly, if your network has a limited number of login ports, or if certain applications allow only a fixed number of concurrent users, valuable network resources might be tied up unproductively for hours or possibly even days.
Failing to properly shut down a user's session might also affect that user's local hard disk. Many automated backup programs kick in during the shutdown process. No shutdown, no backup.

Promote people-centric solutions.
The most productive approach to this security problem is education. Raise awareness of the logout issue as a security concern: it's likely that no one has discussed this with the new employee or manager! In your end-user newsletter or login message, remind everyone to log out at the end of the day or before going offsite. Stress that e-mail programs are frequently left running all day and, because everyone knows how to use e-mail, are vulnerable to hit-and-run snooping.
Depending on your corporate culture, you might add end-of-day logouts as company policy (or recommend it to senior management). If you do have a logout policy, remember: It's worthless if not enforced. If your network operating system supports automatic logouts, great. However, from a security perspective, that's no substitute for a manual logout when an employee leaves.
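The automatic-logout feature mentioned above, where the network operating system offers one, is usually driven by a simple idle-time rule: a session whose last activity is older than a threshold is a candidate for forced logout, and a session that also holds open files deserves special attention because those files will be skipped by backups while the session lives. The following is an added illustration, not code from the original article; it assumes a hypothetical session table with the fields shown (user, workstation, login time, last-activity time, open files) and a constructed sample, and shows how an administrator's review script could flag stale sessions for enforcement of an end-of-day logout policy.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List

@dataclass
class Session:
    """One logged-in network session (hypothetical record layout)."""
    user: str
    workstation: str
    login_time: datetime
    last_activity: datetime
    open_files: List[str] = field(default_factory=list)

# Constructed sample: an end-of-day snapshot of the session table.
SAMPLE_SESSIONS = [
    Session("alice", "WS-101", datetime(2024, 5, 6, 8, 15), datetime(2024, 5, 6, 21, 40)),
    Session("bob",   "WS-102", datetime(2024, 5, 6, 9, 2),  datetime(2024, 5, 6, 17, 5),
            open_files=["\\\\SRV1\\PAYROLL\\PAY0506.DBF"]),
    Session("carol", "WS-103", datetime(2024, 5, 3, 7, 50), datetime(2024, 5, 3, 18, 20)),
]

def stale_sessions(sessions, now, idle_threshold=timedelta(hours=2)):
    """Return (session, idle_time, holds_files) for every session idle past the threshold.

    holds_files is True when the idle session still has files open, which is the
    case the article warns about: those files stay open on the server and may be
    skipped by incremental backups until the session is closed.
    """
    flagged = []
    for s in sessions:
        idle = now - s.last_activity
        if idle >= idle_threshold:
            flagged.append((s, idle, bool(s.open_files)))
    # Longest-idle first, so multi-day leftovers surface at the top of the report.
    flagged.sort(key=lambda t: t[1], reverse=True)
    return flagged

def report(sessions, now, idle_threshold=timedelta(hours=2)):
    """Render the flagged sessions as plain text lines for the night operator."""
    lines = []
    for s, idle, holds in stale_sessions(sessions, now, idle_threshold):
        hours = idle.total_seconds() / 3600
        note = " OPEN FILES (backup at risk)" if holds else ""
        lines.append(f"{s.user:<8} {s.workstation:<8} idle {hours:6.1f}h{note}")
    return lines

if __name__ == "__main__":
    snapshot_time = datetime(2024, 5, 6, 23, 0)  # constructed review time
    for line in report(SAMPLE_SESSIONS, snapshot_time):
        print(line)
```

The threshold and the snapshot time are inputs rather than constants so the same check can run at midnight with a short threshold (end-of-day enforcement) and during the day with a longer one (the working-hours window the article singles out as a prime time for unauthorized access). Whether a flagged session is then closed automatically or handed to a person to follow up is the policy decision the text leaves to each site.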
Unless you're working in a very secure business, you'll be unable to justify the effort needed to enforce your policy, especially during working hours, a prime time for unauthorized access. If the user's access profile includes "modify" or "delete" capability, then data integrity is very much at risk.
Security is especially important in certain parts of any company, e.g., human resources, accounting, product design, or MIS itself. In these departments you may want to consider physical security measures, such as keyboard or processor locks, or even keeping designated servers or workstations in locked enclosures or offices.
Based on the stored data's sensitivity, you may want to install more sophisticated measures, including added levels of password requirements, or even encryption. But remember, password-protecting key applications or encrypting data files won't help if the user walks away from the workstation without quitting the application.
In today's internetworked world, this problem may seem minor compared to the highly publicized dangers of hackers and viruses, or concerns about disaster recovery. But network security begins at home, be it keeping employees away from data they're not supposed to have, or making sure files and applications are backed up regularly. So be sure your doors are locked up tight, and all your windows, too.