Slashdot Mirror


Cutting Security To Cut Costs?

just currious asks: "I work for a large company (10,000+ PCs) that recently outsourced the help desk. After looking at about a year's worth of data we find that 30% to 50% of the calls to the helpdesk are password related (password resets, password changes, etc.). This is a lot of calls (at 20+ dollars a pop). Now they want to reduce cost by cutting security, since if you don't have a password, you can't forget it. So here's what upper management wants to do: remove the security from all of our Windows 2000 machines. Has anybody else seen security cut just to save money?"

1 of 124 comments

  1. *sigh* by skinfitz · Score: 5, Interesting

    Unfortunately this is a fact of IT - there are those who don't understand the need for IT security, which means that you are reduced to working at their level.

    How many times have you heard this one?

    (Regarding a server that is connected to the net for FTP / SSH) "But who would want to hack our server?"

    I've often found that lusers actually do understand security concepts; however, as soon as a computer is concerned they are thrown out of the window. For example:

    Me: "Tell me - do you drive a car?"
    Luser: "Yes"
    Me: "And does anyone have a specific grudge against you? Would they specifically want to steal your car?"
    Luser: "No!"
    Me: "So do you lock your car after you park it somewhere?"
    Luser: "Of course I do!"
    Me: "So if no one wants to steal your car, why do you lock it?"

    I've found they can't answer that one.

    The real issue is that people just can't use computers. What would solve the problem would be some form of transparent biometric authentication. Think about how we as human beings authenticate people - we do it all the time, from speaking to friends on the phone to making a transaction at the bank. If speaking to someone you know, you don't use a password - you know what your friend looks, sounds and behaves like, and this is used for "authentication". With a bank, you may not know the person you are about to hand over all your cash to; however, because the bank is a big building in the location it's in, you know that it can be "trusted" due to its physical location.

    Regarding passwords with Windows 2000, there are alternatives to this. The simple one is to let them have no password, but make it so that their account can only log on from their computer. That will seriously limit the abuse that can happen. Alternatively just quietly delete all your CEO's MP3s and mail abusive messages and pr0n using his account - he'll soon wake up.