


This concept is found on systems or software packages that are shared by several users, where all that is required is one account with a single password. That password is shared among a trusted group of users within the organization who make use of the software or service. Even though the concept is convenient and simple to administer, it carries many security issues. Some of them include:

  • Accountability of usage.
  • Accountability of the password.
  • Wider scope for the attacker.

Accountability of Usage


How would you track whether one member of the user group is misusing their privilege? The only way is IP-based or MAC-address-based tracking. But if that is not the case, for example if all users log in from the same system at random intervals, or if there is no tracking mechanism at all, then no one is accountable for whatever happens to the software or the system itself.
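As an added example (not part of the original article), one way to apply the IP-based tracking mentioned above: parse sshd-style "Accepted" login lines and flag any account that was used from more than one source address, which is the usual signature of a shared password. The log lines, host names and account names below are constructed for the example; note that this only attributes use to a machine, not to a person, and cannot separate users who all log in from the same host.

```python
import re
from collections import defaultdict

# Constructed sshd-style auth log lines; "deploy" is the shared account.
SAMPLE_LOG = """\
Jan 10 09:01:12 srv1 sshd[1201]: Accepted password for deploy from 10.0.0.21 port 51000 ssh2
Jan 10 09:03:40 srv1 sshd[1210]: Accepted password for deploy from 10.0.0.37 port 51822 ssh2
Jan 10 09:05:02 srv1 sshd[1222]: Accepted password for alice from 10.0.0.21 port 52100 ssh2
Jan 10 11:40:19 srv1 sshd[1301]: Accepted password for deploy from 192.168.5.9 port 40012 ssh2
Jan 10 12:15:55 srv1 sshd[1350]: Accepted password for bob from 10.0.0.40 port 43311 ssh2
Jan 10 12:16:30 srv1 sshd[1352]: Failed password for deploy from 203.0.113.77 port 3399 ssh2
"""

# Matches successful logins only; failed attempts are a separate signal.
LOGIN_RE = re.compile(
    r"Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)


def logins_by_account(log_text):
    """Map each account name to the set of source IPs that logged in with it."""
    sources = defaultdict(set)
    for line in log_text.splitlines():
        match = LOGIN_RE.search(line)
        if match:
            sources[match.group("user")].add(match.group("ip"))
    return dict(sources)


def suspected_shared_accounts(log_text, max_sources=1):
    """Return {account: sorted source IPs} for accounts seen from more than
    max_sources distinct addresses. A personal account normally comes from
    one workstation; several addresses suggest the password is shared."""
    return {
        user: sorted(ips)
        for user, ips in logins_by_account(log_text).items()
        if len(ips) > max_sources
    }


if __name__ == "__main__":
    for user, ips in suspected_shared_accounts(SAMPLE_LOG).items():
        print(f"{user}: used from {len(ips)} addresses: {', '.join(ips)}")
```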

Accountability of the Password


What if one of the members writes the password on a sticky note stuck to her office desk? Or, in other words, what if one of the shared users gives access to an unauthorized person or loses the password? There is no accountability in such cases, other than the fact that someone might take action after a suspicious pattern is observed or after something bad has already happened.

Wider scope for the attacker


When many people use the same password, there are more logged-in sessions and more IP addresses connecting to the same system or software, which gives the attacker a wider scope to target. Instead of attacking the single server that hosts the service or software the attacker wants to penetrate, he can compromise your system, or any other user's system that shares access to the confidential files or resources, and then use that user's access to enter the secured area. No matter how secure or hardened the server is, if access to it is shared among a wide range of users, that alone degrades the level of security.



Having said that, you may have wondered (before reading this section) why system and network administrators take on the burden of assigning a password to everyone and set all those policies that make your life miserable: changing your password every 90 days, enforcing password strength, ensuring that no two passwords are the same, and, even when you do share a password with someone else, restricting that access and putting a deadline on the sharing arrangement. This is exactly why system and network administrators have to be who they are: to ensure a secure environment.
