How dangerous user behavior puts networks at risk
Network World -
As CIO at Bunker Hill Community College, Bret Moeller embraces students experimenting with technology as part of their education, but he'd prefer if their independent studies didn't involve hacking into the college's network.
"There are some students who discover at school that their whole point in life is to hack into the college's network to either glean information they have no right to access or to simply kill the network to prove they can do it," said Moeller, who works to manage and secure the Boston-area college's network.
"We can detect scanning on our network and we try to lock things down as much as possible or not allow software on workstations, but sometimes there can be a hole in our protections. We can't control the end users to the same degree one can in a corporate environment, but we still have to do as much as possible to secure the environment from end users," he said.
Yet, Moeller may have more in common than he realizes with corporate network and security managers.
Recent research from the Ponemon Institute revealed that a majority of users disobey company security standards -- and they do so knowingly. (See related slide show: End users behaving badly.) In addition, survey data just released by RSA shows that trusted insiders "create data exposures of extraordinary scope" through their everyday behaviors.
"End users are smarter than ever. The advent of the PC at home and not just work anymore, as well as the ability to look up and verify what the IT people are saying to you, is a different world," said Steve Moore, technology leader at Mary Kay Inc. in Dallas.
In addition, users can easily find detailed accounts of how to sidestep corporate policies, available from countless Internet sites and even laid out clearly in publications such as The Wall Street Journal.
With compliance regulations a constant factor, IT executives are caught between a rock and a hard place.
"We're constantly trying to balance the need for expanded access to information and the requirements to protect information from unauthorized and inappropriate use," said James Kritcher, vice president of IT at White Electronic Designs Corp. in Phoenix. "We now have an expanding number of accounts, passwords and other mechanisms to manage access to various resources. The resulting overhead and complexity increases the likelihood that inappropriate access may be granted."
For instance, users can unwittingly grant inappropriate access to co-workers, friends and family if they share too much information or neglect to update passwords. One area Craig Bush finds lacking among users is password security. He said the company has policies in place to ensure passwords aren't abused or revealed, but users consider managing passwords more of a hassle than a safeguard.
Reprinted with permission from
Story copyright 2009 Network World, Inc. All rights reserved.
thumb drives
Additional Resources



White Papers & Webcasts
Death to PST Files
Download Now
Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!
A Green Architectural Strategy That Puts IT in the Black
Levergage green computing across your data center. Read more now.
Manager Experience Demo
Go beyond self-service solutions to perform more effectively. Watch Now.
Quantifying the Business Value of VMware View
Learn why you should invest in a centralized virtual desktop.
WAN Optimization as a Managed Service: More than Network Cost Savings
View this Webcast Now!
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
Asia-Pacific Enterprise Network Solutions
Learn through this Webcast how your business can achieve reliability, performance and value in hard-to-reach locations within the Asia-Pacific region.
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Mainsoft Webcast w/ Forrester Research: Drive SharePoint Adoption in Lotus Notes Shops
How can you drive mainstream user adoption of Microsoft SharePoint when your users rely on Lotus Notes?

