Security Basics mailing list archives
RE: Workstation Locking
From: "Scott Ramsdell" <Scott.Ramsdell () cellnet com>
Date: Mon, 14 May 2007 15:14:36 -0400
Aladdin has a key fob that does just this. You will have to replace msgina.dll with Aladdin's though.

One of the coolest features of the Aladdin fob is that it will synch password changes with AD on behalf of the user. This would allow you to set a password policy that included very long complex passwords that expired fairly often. The user would never know their password was updating.

For remote access, they again simply use the fob.

Alternatively, if you've implemented a PKI, the Aladdin fob will store the certs.

Kind Regards,

Scott Ramsdell
CISSP, CCNA, MCSE Security Network Engineer

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of oomplah () oomplah net
Sent: Friday, May 11, 2007 1:09 PM
To: 'Hitesh Patel'; security-basics () securityfocus com
Subject: RE: Workstation Locking

I believe what you're looking for, as mentioned in other replies, is simply either not cost effective or difficult to use.

The root of the issue here really is that being found with an unlocked workstation results in no consequence. An occasional reminder or e-mail won't do the trick, even with the fear of termination/god/whatever.

A policy that is enforced by the employee's management is probably the most cost effective option. In any environment, if managers catch the employee with an unlocked workstation they should be subject to some form of disciplinary action. A simple "warning" will only last you a few weeks perhaps. An actual ding against their quarterly review/goals and/or threat of other disciplinary action would be enough to get people locking. (Might be enough for that manager to get rid of that low-performing employee.)

The key to this too, however, is to make it "easier" for them to lock/unlock their workstation. Insane password policies, placing the printer too far away from the employee, or constant up and down in their job doesn't lend to encourage the employee to comply.

Perhaps a smart card/USB keyfob system, where the employee is required to remove the card to lock and place it back in to unlock, may make it easier. An 8-10 character case-sensitive, alpha-numeric+special character password is difficult to type even for the experienced typer. A smart card/USB keyfob would only involve placing it in and entering a PIN (in some cases). In a "perfect" world this would make it easier for the employee vs. an insane password.

Another thing I used to do was to embarrass the hell out of the employee and send stupid and embarrassing e-mail to their manager and co-workers using their unlocked workstations. It got their attention. Send an admin assistant out on their floors/buildings and have them e-mail the employee's managers with a gentle FYI; it would be a fun event for all!

--Me

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Hitesh Patel
Sent: Wednesday, May 09, 2007 1:34 PM
To: security-basics () securityfocus com
Subject: Workstation Locking

Hello Everyone,

We are currently looking to enforce a password locking policy for certain users. We do not want to use GPO in a 2k domain. Our management would like to see something that automatically locks the workstation as soon as users are out of a certain proximity range, and that also automatically unlocks as soon as they come back to their desk, without typing a longer password.

Does anyone have any suggestions on a product? I would like to know what others are using. I have not found many products out there. I only found the following:

http://www.ensuretech.com/products/demo/demo.html

thank you
HP

-----------------------------------------
CONFIDENTIALITY NOTICE: This message and any attached documents may contain confidential information from Hyland Software, Inc. The information is intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, or an employee or agent responsible for the delivery of this message to the intended recipient, the reader is hereby notified that any dissemination, distribution or copying of this message or of any attached documents, or the taking of any action or omission to take any action in reliance on the contents of this message or of any attached documents, is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail or telephone, at (440) 788-5000, and delete the original message immediately. Thank you.