Identity protection is a full-time job'for each user and sysadmin

Protecting personal identity from theft requires more than people being careful about how they use credit cards online, says Dennis H. McCallam of Northrop Grumman Corp.

'This is what everybody is looking out for, protecting yourself online,' McCallam said today at the FOSE conference in Washington. But personal data is so widely distributed that protection from identity theft involves all aspects of system security and management.

'Identity protection and identity management are one and the same,' said McCallam, an information assurance technical fellow at Northrop Grumman.

People should take basic steps such as using a personal firewall and scanning for spyware on PCs, but systems administrators and security officers also need to secure enterprises where sensitive data resides. Strong access control, event monitoring and auditing are necessary, he said.

'Run a scan,' McCallam said. 'You have to find out what you have.' He acknowledged that configuration management is a pain but called it necessary to ensure that systems are adequately protected.

Strong passwords are necessary, and random characters or numerals should be included in the first seven characters, not tacked on at the end, because Microsoft Windows stores and acts on only the first seven characters. That is why 'Windows passwords are so much easier to break' than those used to access Unix systems, McCallam said.

He also advised using Microsoft Active Directory.

'Really embrace Active Directory,' he said. 'It's kind of hard to deal with, but it's not a bad way to manage identity across a system.'

About the Author

William Jackson is a Maryland-based freelance writer.

Featured

  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected