Finding The Hidden InfoSec Story

The Football Stadium

Imagine a football stadium. Maybe an iconic and world-class venue such as Wembley. Once in possession of a ticket for a match, you are able to enter the stadium at any time through any entrance, watch every game, stay as long as you wish, occupy several seats and even copy your ticket and distribute it freely to your friends, who can then also enjoy these same benefits.

That is effectively what a network looks like without an appropriate and enforced User Access Control Policy. Users are able to log in at any time, from any system or device and from several systems simultaneously, stay logged in for as long as they want, and share their credentials with their colleagues or even outsiders without any danger of consequences with regard to their own access.

To create a secure network environment where IT managers can mitigate the risks of losing data from these insider threats, especially when users are accessing via a plethora of devices, a network, much like Wembley, needs to ensure that unauthorized access is no longer a possibility.

The prevention of simultaneous logins, restriction by session type (workstation, terminal, Internet Information Services, Wi-Fi, VPN…), usage and connection time limitations and the monitoring and recording of session activity are all crucial measures in stopping unauthorized access.

The first line of defense in any network is a user login. The restriction of user logins according to customized user access policies will help protect a network and all of the data contained within.
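The controls listed above can be sketched as a logon check. This is an added example, not code from the original post or from any product: it enforces a concurrent-session limit, permitted session types and logon hours, records every decision, and flags sessions past a connection-time limit. The policy fields, user names and host names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta

@dataclass
class Policy:                      # hypothetical policy shape, not a product schema
    max_sessions: int              # simultaneous logins allowed per user
    allowed_types: frozenset       # e.g. workstation, terminal, iis, wifi, vpn
    hours: tuple                   # (start, end) window in which logons are accepted
    max_duration: timedelta        # connection-time limit per session

@dataclass
class Session:
    user: str
    kind: str
    host: str
    start: datetime

def check_logon(policy, active, req):
    """Return the policy violations for a logon request (empty list = allow)."""
    reasons = []
    if sum(s.user == req.user for s in active) >= policy.max_sessions:
        reasons.append("concurrent-session limit")   # also catches shared credentials
    if req.kind not in policy.allowed_types:
        reasons.append("session type not allowed")
    if not (policy.hours[0] <= req.start.time() < policy.hours[1]):
        reasons.append("outside permitted hours")
    return reasons

def expired(policy, active, now):
    """Sessions that have exceeded the connection-time limit."""
    return [s for s in active if now - s.start > policy.max_duration]

def demo():
    # Constructed sample data: one policy, three logon attempts on one day.
    p = Policy(1, frozenset({"workstation", "vpn"}), (time(8), time(18)),
               timedelta(hours=9))
    day, active, log = datetime(2024, 3, 4), [], []
    for user, kind, host, hh, mm in [("alice", "workstation", "WS-01", 9, 0),
                                     ("alice", "vpn", "LAPTOP-7", 9, 30),
                                     ("bob", "wifi", "PHONE-2", 22, 15)]:
        req = Session(user, kind, host, day.replace(hour=hh, minute=mm))
        reasons = check_logon(p, active, req)
        decision = "DENY: " + "; ".join(reasons) if reasons else "ALLOW"
        log.append((user, kind, host, decision))     # audit trail of every attempt
        if not reasons:
            active.append(req)
    return log, expired(p, active, day.replace(hour=19))

if __name__ == "__main__":
    print(*demo()[0], sep="\n")
```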
