The IT Team at Oklahoma City Public Schools have a lot on their plate serving approximately 43,000 students over the district. To add to their workload, the team had been facing numerous challenges as a results of students – and staff – sharing their Windows network login.
Oklahoma City Public Schools eliminate the issue of user login sharing
Without a limit on concurrent logins or accurate usage tracking, the IT Team at Oklahoma City Public Schools found students were using logins other than their own to delete or steal files (such as homework) or tamper with shared network apps by deleting primary files. Native security controls in Windows Networks are not enough as they don’t limit concurrent logins.
Since systems record activity is based on the username used to log on to the system it follows that each username should always correspond to a unique individual. However, when a user’s password is shared, there is no accountability – we cannot ensure access to critical assets is attributed to any individual employee. This then creates a non-repudiation issue where user A, connected to the network with the credentials of user B, can access user B’s data and applications, send e-mails in his name, etc.
With UserLock’s login control, the school district were able to customize its user login policy, eliminate concurrent logins and cut IT usage tracking and recovery time by 70%. The district has seen the number of security incidents greatly reduce, including the stealing of homework or personal files and tampering with network apps.
The need for Technical Controls to stop users sharing credentials
Shared credentials and password reuse allows rogues users to easily move laterally within a company’s network once one system is compromised.
When a user’s password is compromised it is often the gateway for rogue users to getting access to other systems and applications because users commonly reuse passwords across multiple company systems.
As Senior Security Analyst John H. Sawyer recently commented “If you think single-sign-on sounds great, it’s even more useful to an attacker with a valid username and password because he can now get into everything with that one set of credentials“. More from John Sawyer and the Top 4 Problem Areas That Lead To Internal Data Breaches
Despite the increased education, security awareness and policies in place to restrict password sharing, shared credentials continue to be a problem as there is no consequence on users own access to the network. Policies are just expectations until an organization is given the means and oversight (technical controls) to enforce these corporate policies.
UserLock offers access control far beyond native Windows features
One unique software solution – UserLock – does however prevent concurrent logins, limiting users to only one possible Windows connection at any one instant and stopping rogue users seamlessly using valid credentials at the same time as the legitimate owner.
It also allows the implementation and strict enforcement of a granular user access control policy based on user, groups & OU – across all types of sessions (including Wi-Fi) – and permits/denies access to workstation and usage/connection times. Real Time Monitoring and Auditing ensures organizations can get compliant as well as be alerted by any predetermined access event.
By restricting user logins according to customized access policies (including preventing concurrent logins), UserLock provides the necessary security function to monitor, restrict, be alerted and run reports on all session activity throughout the network.
Visit our site to learn more about UserLock from IS Decisions. A Free Trial Download is available for 30Days here.
