networking question
Ok, apartently where i work they want to set up the network so there is a single domain and a single sign on for everyone. aparently, this is a big security problem, but i need to know why. Why is it bad to have a single sign on for all the users, and why is it bad to have a single domain for everyone to sign on to. obviously this question is more for the networking gurus but i have no idea so if you have ne ideas why this would be a security issue, plz lemme know. i have to know by the 15th of june. if you happen to know of a specific issue, please provide some evidence like a website or something. thx
Comments
You normally login with your own user account onto a single domain. The domain can have trusts with other domains that lets your access servers/printers in the other domain without a new username/password.
A single (shared) logon is only a security risk if the logon allows you to do things you want to track to a specific user.
An example. 20 people use the login name userabc to login to their machines. Bob has a file the he doesn't want anyone else to see (payroll). As all the users share a single logon they all can read/delete this file.
If you have a printer and there is a backlog of printjobs you know know who they are from as the username is userabc.
We have individual logins for all users. We also have a generic login that allows people to access the same domain but with a restricted ruleset. They have internet access but cannot access the servers or the Applications dir etc. It is like a guest login but it is just to keep internet access to a minimum. The individual logins cannot access the internet.
We do not consider our single login a security risk as we want a generic login that lets anyone access the internet.
You company needs to decide if its a security risk.
If you accountant/payroll people use the same generic login and everyone can access all data then I would say your company is rather foolish or very open.
Dobby.