Network login security question

Hello,

I am an employee in an outsourced IT company. We have 6 employees, and we have a lot of clients (30+). We all use the same administrator login, for all servers on all clients. This works great for us, but security has been a concern if someone were to leave the company. We would have to change the password for that account everywhere and man would that be a pain if this company grew larger.

My question, is how SHOULD we be doing this? what options do we have available to us? are there any technologies that could support this kind of a setup, easily and without large maintenance if someone leaves the company?

I appreciate any suggestions on revisions to our security policies.

 

As the 30+ sites are not yours, there is no way to centrally manage the logons.

You can explore the use of USB pen-sized security devices that could be applied to certain logon names.

 

our concern is not so much on site logins, but remote login. much of the work we do, is done remotely.

 

Why do you all use the same administrator to login?

Everybody should have their own user name to login. Then no matter whoever leave, just remove the relative user from the AD.

Do I understand your question correctly?

 

Yes, you definitely do understand the question correctly. The issue is that we have over 50 clients, and they don't want to go through the hassle of creating user accounts for everyone...trust me I side with you in that we all need user accounts to login. Do you know of any security reports or anything I could reference that would sway the companies decision?

 

You may ask the CEOs of those companies copying their office's keys to everyone who works for them. Then ask them what do they think. Just kidding.


Well, I think this is the common sense of computer networking security. You don't have to use third part reports to convince them. I am not very clear about Microsoft's license policy, don't they have enough budget on that?

 

Haha, no one is clear on Microsoft's license policy. The thing is that we are a very close company, thats the issue/problem. We are all very close, very trusting, we can all get into our office at any time, all our clients trust us, it is a very free open environment. That is where this lethargy comes from regarding security, but if we were to grow, this is going to have to be changed. Do you have any suggestions on a route we can go?

 

This jogs my memory a lot.

I have some experience on Cisco Routers. As far as I know, there are three security solutions.

1. Access list
2. AAA
3. Ipsec

If you want to apply them, you have to study(if you don't know before) these to make sure they can approach your goal.

I love cisco's online document, please check them at www.cisco.com

 

One thing worth looking at is restricting the IP addresses that can make incoming connections to your customers sites. So if you use dial-in or VPN, on the customer's site router or access point, restrict the connection to only your company's IP addresses.

This solution isn't perfect. It is possible to spoof an IP address. However, it makes it much more difficult for someone to connect, who has the password but is not on your company site.

Cisco routers and firewall will allow you set such rules. In fact most hardware firewalls will. Some cheap routers may not.