| Author |
Message |
25/11/2009 21:00:07
|
Obelix
SysAid Wiz

Joined: 12/06/2008
Messages: 901
Offline
|
I'm not talking about single sign-on in SysAid, but as a general idea. I'm getting pressure to implement this as well and I still can't convince myself to go for it.
I mean, doesn't "authenticate once, access many" violate "security in-depth"?
It's exactly the kind of thing that web application attacks are based on. It's what makes something as harmless as a search engine become a major security issue. They don't even need to "elevate" themselves anymore!
And with more and more corporations succumbing to the interconnections the web offers, you no longer have a LAN, a WAN or a web. It's a world wide what.
Maybe I'm expiring... but in a network where high availability is more important than your religion, the word single always makes me nervous. Single backplane, single line, single processors, single point of failure?
So please, enlighten me.
Anybody.
|
That is not a bug, it's a feature...
When everything else fails, try SysAid Wiki by Techguy |
|
|
29/11/2009 00:09:44
|
SBIT
Super SysAider
Joined: 03/06/2009
Messages: 78
Location: Calgary
Offline
|
So what is your question exactly?
|
|
|
30/11/2009 00:39:08
|
Obelix
SysAid Wiz

Joined: 12/06/2008
Messages: 901
Offline
|
Is it possible to deploy single sign-on securely?
If it is, how?
|
|
|
30/11/2009 03:42:09
|
BJINS
SysAid Wiz

Joined: 08/08/2008
Messages: 583
Location: United Kingdom
Offline
|
Obelix,
I would be inclined to sit on your side of the fence on this one. Security is now one of the major issues in IT, as it always has been. Anyone who lives in Britain will remember the multiple losses of our own details through Gov. employees messing up IT security.
I think you have run into the classic case of the bosses wanting two things that they can't have together from IT. Have you explained to the "Higher-Ups" the potential security risk in implementing SSO?
M
|
When the going gets tough, the tough get SysAid |
|
|
30/11/2009 05:00:43
|
Obelix
SysAid Wiz

Joined: 12/06/2008
Messages: 901
Offline
|
Yes, but everybody else is implementing it... my competence has begun to be questioned. Is it really insecure... or do I not know how to secure it?
I really looked into the technology. I mean, it is a nice thing not only for the suits... but for us IT elves as well, no? But I have not found one that eases my worries.
Even in a non-single-sign-on environment, if there exists a way to automate the authentication process (think of our beloved ally - the command line), your system is potentially in trouble, because if the password is the same in every layer (which is what users ALWAYS do) and that automation kills the system halt that would otherwise require user intervention, it will pose the same threat that a single sign-on scheme would be prone to.
I thought I could give the illusion that I provide them with what they want by implementing it on a low-risk application only. But things are getting more and more integrated; every application always finds its way to the core system.
On a smaller scale (read: the client)...
It's why Linux is relatively more secure than Windows, isn't it? That bloody box that kept asking for the root password at every turn, relentlessly?
|
|
|