networking question

Posted:
in Genius Bar edited January 2014
Ok, apartently where i work they want to set up the network so there is a single domain and a single sign on for everyone. aparently, this is a big security problem, but i need to know why. Why is it bad to have a single sign on for all the users, and why is it bad to have a single domain for everyone to sign on to. obviously this question is more for the networking gurus but i have no idea so if you have ne ideas why this would be a security issue, plz lemme know. i have to know by the 15th of june. if you happen to know of a specific issue, please provide some evidence like a website or something. thx

Comments

  • Reply 1 of 1
    dobbydobby Posts: 796member
    A single domain is normal (unless you have hundreds of people spread over multiple locations.



    You normally login with your own user account onto a single domain. The domain can have trusts with other domains that lets your access servers/printers in the other domain without a new username/password.



    A single (shared) logon is only a security risk if the logon allows you to do things you want to track to a specific user.

    An example. 20 people use the login name userabc to login to their machines. Bob has a file the he doesn't want anyone else to see (payroll). As all the users share a single logon they all can read/delete this file.

    If you have a printer and there is a backlog of printjobs you know know who they are from as the username is userabc.



    We have individual logins for all users. We also have a generic login that allows people to access the same domain but with a restricted ruleset. They have internet access but cannot access the servers or the Applications dir etc. It is like a guest login but it is just to keep internet access to a minimum. The individual logins cannot access the internet.



    We do not consider our single login a security risk as we want a generic login that lets anyone access the internet.



    You company needs to decide if its a security risk.

    If you accountant/payroll people use the same generic login and everyone can access all data then I would say your company is rather foolish or very open.



    Dobby.
Sign In or Register to comment.