
	Home > Ask the Security Experts > Identity Management and Access Control Questions & Answers > IAM best practices for employees with varying degrees of access to the same computer

Ask The Security Expert: Questions & Answers

EMAIL THIS

IAM best practices for employees with varying degrees of access to the same computer

EXPERT RESPONSE FROM: Joel Dubin

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 22 August 2008
In our organization, several users often have to share access to applications and resources on a single PC. However, we need to make sure passwords and files remain secure. What's the best way to implement access management among employees who need varying degrees of access to the same computer? Is it best to have a fingerprint scanner? Does another technology make more sense?

EXPERT RESPONSE
The answer to protecting access to a single PC with multiple users is a combination of both policy and technical controls. On the policy side, make sure each user having access to this particular PC -- and any other workstation or server -- has a unique user ID and password. This should be stated clearly in the corporate IT security policy.

The idea behind unique user IDs is to be able to keep track of not only user logins, but also all user activity on the PC. If there is an incident, or other security breach, access can be traced to an individual. Shared user IDs, even if only for a small group, make this impossible.

Both Windows and Unix, including Linux, allow multiple user accounts on a single local machine. Each user has an account, whose access and activity should always be logged. This, again, is for tracking who might have accessed the machine in the case of malicious access.

As for technical controls, such as fingerprint scanners or smart cards, this should be driven by the risk level of the data being accessed and an organization's specific business needs and requirements. Business risk should drive enterprise security controls, not the other way around.

Do a thorough risk analysis of the data being accessed on the PC. Is it sensitive customer information or proprietary company data? Or is it demographics for marketing purposes that can't be tied back to individual customers? The first is of higher risk and should be protected with stronger controls, and the second is lower risk that doesn't require such tight controls.

It also seems like this PC isn't connected to the network, meaning it can't really be controlled through any domain-level controls, such as those in Active Directory or LDAP. With that in mind, you'll have to rely on local controls on the PC itself and base access on the risk level of the files and data it holds.

Also, make sure that no one on the workstation has administrative access. Otherwise, each of the multiple users could have access to each other's files, defeating the purpose of having separate accounts on the PC.

More information:

Get advice on crafting an effective information security policy.
Learn about three simple IAM mistakes and how to avoid them.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Identity Management and Access Control
	What are the options for a mechanical (not electrical) door security system on a server room door?
	What's the difference between access control mechanisms and identity management techniques?
	What courses can improve fundamental knowledge of infrastructure systems (Active Directory, LDAP, etc.)?
	What tools provide user provisioning and single sign-on for PeopleSoft- and Unix-based products?
	Should a new user have to confirm his or her email address before gaining access?
	Can home PCs provide a way for viruses and spyware to enter a corporate LAN?
	What should an enterprise look for in a password token, and in a vendor?
	Is it possible to write a batch file that allows user access to the local admin group for a short time?
	What are some good pre-boot biometric user authentication tools or strategies?
	If the encryption on the Mifare Classic RFID has been cracked, are smart cards insecure?

Password Policy

ID and password authentication: Keeping data safe with management and policies

New Sun product illustrates identity management trend

Shared Identity Providers Could Soothe Password Chaos

Is it possible to write a batch file that allows user access to the local admin group for a short time?

Is it illegal for anyone in an enterprise to ask an employee for his or her password?

Former LendingTree employees pilfer firm's customer database

Security360: Identity management market

Survey finds access control problems at many firms

What are the pros and cons of using stand-alone authentication that is not Active Directory-based?

Should users set up password expiries in Active Directory?

Creating and Managing Information Security Policies

Richard Mackey: Building a framework-based compliance program

Learning the language of global compliance

IT security pros face challenge during economic crisis

Interview: Chris Nickerson of TruTV's 'Tiger Team'

IT security not valued at many firms, study finds

What value do research firms provide to enterprises that subscribe to their services?

Sound compliance policies, practices reduce legal costs

Exploring Microsoft's Network Access Protection policy options

How to avoid DLP implementation pitfalls

Is there a published standard or guideline for system hardening?

Creating and Managing Information Security Policies Research

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

logon (SearchSecurity.com)

password (SearchSecurity.com)

single-factor authentication (SFA) (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy