Identity protection is a full-time job'for each user and sysadmin

Protecting personal identity from theft requires more than people being careful about how they use credit cards online, says Dennis H. McCallam of Northrop Grumman Corp.

'This is what everybody is looking out for, protecting yourself online,' McCallam said today at the FOSE conference in Washington. But personal data is so widely distributed that protection from identity theft involves all aspects of system security and management.

'Identity protection and identity management are one and the same,' said McCallam, an information assurance technical fellow at Northrop Grumman.

People should take basic steps such as using a personal firewall and scanning for spyware on PCs, but systems administrators and security officers also need to secure enterprises where sensitive data resides. Strong access control, event monitoring and auditing are necessary, he said.

'Run a scan,' McCallam said. 'You have to find out what you have.' He acknowledged that configuration management is a pain but called it necessary to ensure that systems are adequately protected.

Strong passwords are necessary, and random characters or numerals should be included in the first seven characters, not tacked on at the end, because Microsoft Windows stores and acts on only the first seven characters. That is why 'Windows passwords are so much easier to break' than those used to access Unix systems, McCallam said.

He also advised using Microsoft Active Directory.

'Really embrace Active Directory,' he said. 'It's kind of hard to deal with, but it's not a bad way to manage identity across a system.'

About the Author

William Jackson is a Maryland-based freelance writer.


  • 2020 Government Innovation Awards
    Government Innovation Awards -

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected